[6608] in bugtraq
Re: feature Re: pine/pico vt control characters bug
daemon@ATHENA.MIT.EDU (Matt Barrie)
Sat Apr 25 19:32:25 1998
Date: Sat, 25 Apr 1998 15:03:18 -0700
Reply-To: Matt Barrie <mbarrie@LELAND.STANFORD.EDU>
From: Matt Barrie <mbarrie@LELAND.STANFORD.EDU>
X-To: gvs@AGMAR.RU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.3.96r.980426001435.10961A-100000@heart.agmar.ru> from
"GvS One" at Apr 26, 98 00:20:36 am
If I remember correctly for Wyse terminals the escape codes are
ESC-8<malicious command>ESC-9ESC-s
matt
>
> _\|/_
>
> On Sat, 25 Apr 1998, Michal Zalewski wrote:
>
> >Pico, an editor included with pine 3.96 package, handles vt control
> >characters (eg. 0x9B) improperly, so it's possible to do almost anything
> >when normal text file is viewed with pico. Example? Try viewing file
> >containing only two characters: 0x9B and 0x63... That's not all, pico is
> >called by pine when you're replying to mail message. Anyone may insert any
> >control chars (using quoted-printable encoding) to his signature.
>
> Hm... Guessing... Pine: Main Menu -> Setup -> configure, few lines
> down...
>
> [X] Pass-control-characters-as-is
> ?
>
> ... or something like that. Don't you want to try it turned off while
> reading such message? ;)
>
> >Fix:
> >
> >--- display.c.orig Wed Jul 10 18:59:09 1996
> >+++ display.c Sat Apr 25 14:23:41 1998
> >@@ -266,7 +266,7 @@
> > }
> > while ((vtcol&0x07) != 0);
> > }
> >- else if (c.c < 0x20 || c.c == 0x7F) {
> >+ else if (c.c < 0x20 || c.c == 0x7F || c.c == 0x9B) {
> > ac.c = '^';
> > vtputc(ac);
> > ac.c = (c.c ^ 0x40);
> >
> >(should help, at least in above situation)
>
> sorry to bother you, if I'm wrong and you had turned that feature off.
> If so, and pico's control characters passing algorithm is incomplete,
> we should fix it to work with termcap/terminfo databases to determine
> what the characters are treated to be control.
>
> SY, Seva Gluschenko, just stranger at the Road.
>
> --- IRC: erra
> * Origin: gone to the Internet (gvs@agmar.ru) [http://www.agmar.ru/~gvs/]
>
