From e4144832645aa437e9cfb4914ca0a358ae74724d Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Fri, 24 Apr 2026 17:25:00 +0530
Subject: [PATCH] Sanitize ssh kitten shm open error message when sending over tty

This prevents sending attacker controlled data over the tty where it might end up getting evaled by the shell if the user is doing something like cat of unsanitized data into the terminal (something that should never be done).
---
 kittens/ssh/utils.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kittens/ssh/utils.py b/kittens/ssh/utils.py
index f7d3ad34d..785d8e758 100644
--- a/kittens/ssh/utils.py
+++ b/kittens/ssh/utils.py
@@ -155,7 +155,9 @@ def get_ssh_data(msgb: memoryview, request_id: str) -> Iterator[bytes|memoryview
 raise ValueError(f'Incorrect request id: {rq_id!r} expecting the KITTY_PID-KITTY_WINDOW_ID for the current kitty window')
 except Exception as e:
 traceback.print_exc()
- yield f'{e}\n'.encode()
+ import re
+ msg = re.sub(r'[^a-zA-Z0-9 ]+', '_', str(e))
+ yield f'{msg}\n'.encode()
 else:
 yield b'OK\n'
 encoded_data = memoryview(env_data['tarfile'].encode('ascii'))
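Review bot: The message sent on the `yield f'{msg}\n'.encode()` line is still derived from `str(e)` and has no length bound, so request-influenced text (for example the `rq_id` echoed by the ValueError above) still reaches the tty as letters, digits and spaces. Since `traceback.print_exc()` already records the full detail locally, consider capping what is sent, e.g. `msg = re.sub(r'[^a-zA-Z0-9 ]+', '_', str(e))[:256]`, or sending a fixed string per failure class. The `import re` inside the handler would read better at module level if the file does not already import it; the imports, the start of the `try` body and the rest of `get_ssh_data` are outside this hunk. A short comment such as `# only [a-zA-Z0-9 ] may reach the tty: the reader may be a shell rather than the bootstrap script` would record why the allowlist is this strict.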