Fix multiple security vulnerabilities across C, Python, and Go code
Timing-safe comparisons:
- crypto.c: Replace memcmp with CRYPTO_memcmp for Secret equality, require equal lengths before comparing
- remote_control.py: Constant-time password lookup to avoid leaking valid passwords via dict hash timing
- file_transmission.py: Use hmac.compare_digest for bypass token comparison instead of ==

Memory safety:
- child-monitor.c: Fix inverted condition in write_to_peer that prevented memmove from ever executing on partial writes
- ibus_glfw.c: Null-terminate IBUS_ADDRESS copy to prevent string overread when strlen >= PATH_MAX
- x11_window.c: Add NULL checks after realloc in clipboard/DnD data handling (two sites)
- dnd.c: Cap accepted_mimes at 1MB to prevent unbounded growth, fix realloc to not lose the original pointer on failure
- png-reader.c: Cast to size_t before multiplication to prevent integer overflow on 32-bit platforms

Secrets hygiene:
- disk-cache.c: Zero encryption_key with explicit_bzero before free

Tar extraction hardening:
- tar.go: Validate hardlink targets against destination prefix to prevent writing outside extraction directory
- tar.go: Strip setuid/setgid/sticky bits from extracted files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
0619c7e435
commit
b39f88c6a2
10 changed files with 44 additions and 19 deletions
|
|
@ -182,7 +182,7 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
|
|||
dest_path = filepath.Clean(dest_path)
|
||||
|
||||
mode := func(hdr int64) fs.FileMode {
|
||||
return fs.FileMode(hdr) & (fs.ModePerm | fs.ModeSetgid | fs.ModeSetuid | fs.ModeSticky)
|
||||
return fs.FileMode(hdr) & fs.ModePerm
|
||||
}
|
||||
|
||||
set_metadata := func(chmod func(mode fs.FileMode) error, hdr_mode int64) (err error) {
|
||||
|
|
@ -250,6 +250,12 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
|
|||
if !filepath.IsAbs(link_target) {
|
||||
link_target = filepath.Join(filepath.Dir(dest), link_target)
|
||||
}
|
||||
if link_target, err = EvalSymlinksThatExist(link_target); err != nil {
|
||||
return
|
||||
}
|
||||
if !strings.HasPrefix(link_target, needed_prefix) {
|
||||
continue
|
||||
}
|
||||
if err = os.Link(link_target, dest); err != nil {
|
||||
return
|
||||
}
|
||||
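Review bot: The containment check at `if !strings.HasPrefix(link_target, needed_prefix)` is only as strong as the shape of needed_prefix, which is defined outside this hunk: if it is dest_path without a trailing separator, a resolved target such as `dest_path + "-other/file"` passes the check while lying outside the extraction root. A boundary-aware comparison does not depend on that, e.g. `rel, rerr := filepath.Rel(dest_path, link_target)` followed by `if rerr != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { continue }`, which also treats a Rel failure (mixed absolute/relative inputs) as an escape. The `continue` drops the entry silently; a short comment such as `// hardlink target resolves outside dest_path: skip the entry rather than link out of the extraction root` would make the intent clear to the next reader. The enclosing ExtractAllFromTar body starts and ends outside the hunk, and the same remark about documenting intent applies to the mode closure in the first hunk, where a comment like `// setuid/setgid/sticky bits from the archive are deliberately not honoured` would explain the narrowed mask.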
|
|
|
|||