Submitted By: Randy McMurchy
Date: 2008-05-14
Initial Package Version: 9.02
Upstream Status: Unknown (nothing mentioned in upstream mailing list logs or added to upstream CVS)
Origin: http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/rxvt-unicode/files/rxvt-unicode-9.02-CVE-2008-1142-DISPLAY.patch?rev=1.1&view=markup submitted to BLFS-Dev by Ag
Description: Fixes an expoitable vulnerability described at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142
diff -urN rxvt-unicode-9.02.orig/src/init.C rxvt-unicode-9.02/src/init.C
--- rxvt-unicode-9.02.orig/src/init.C 2008-05-04 20:16:26.000000000 +0200
+++ rxvt-unicode-9.02/src/init.C 2008-05-04 20:24:14.000000000 +0200
@@ -372,15 +372,16 @@
 * Open display, get options/resources and create the window
 */
- if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
- rs[Rs_display_name] = ":0";
+ rs[Rs_display_name] = getenv ("DISPLAY");
 get_options (r_argc, r_argv);
- if (!(display = displays.get (rs[Rs_display_name])))
+ if (!rs[Rs_display_name] || !(display = displays.get (rs[Rs_display_name])))
 {
 free (r_argv);
- rxvt_fatal ("can't open display %s, aborting.\n", rs[Rs_display_name]);
+ rxvt_fatal ("can't open display %s, aborting.\n",
+ (rs[Rs_display_name] ? rs[Rs_display_name] :
+ "as no -display option given and DISPLAY not set"));
 }
 // using a local pointer decreases code size a lot
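Review bot: The new guard `!rs[Rs_display_name]` rejects only an unset display, so an empty `DISPLAY` value (or an empty `-display` argument, if get_options accepts one) still reaches `displays.get`, whose handling of an empty name is not visible in this hunk. If an empty name should be refused the same way, the condition could read `if (!rs[Rs_display_name] || !*rs[Rs_display_name] || !(display = displays.get (rs[Rs_display_name])))`. A comment above the getenv line would also keep the removed default from being reintroduced later, e.g. `// no implicit ":0" fallback: the display must come from DISPLAY or -display (CVE-2008-1142)`. The enclosing function starts and ends outside the hunk.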