Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
Date:                    2008-05-14
Initial Package Version: 9.02
Upstream Status:         Unknown (nothing mentioned in upstream mailing list
                         logs or added to upstream CVS)
Origin:                  http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/rxvt-unicode/files/rxvt-unicode-9.02-CVE-2008-1142-DISPLAY.patch?rev=1.1&view=markup
                         submitted to BLFS-Dev by Ag

Description:             Fixes an exploitable vulnerability described at
                         http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142


diff -urN rxvt-unicode-9.02.orig/src/init.C rxvt-unicode-9.02/src/init.C
--- rxvt-unicode-9.02.orig/src/init.C	2008-05-04 20:16:26.000000000 +0200
+++ rxvt-unicode-9.02/src/init.C	2008-05-04 20:24:14.000000000 +0200
@@ -372,15 +372,16 @@
    * Open display, get options/resources and create the window
    */
 
-  if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
-    rs[Rs_display_name] = ":0";
+  rs[Rs_display_name] = getenv ("DISPLAY");
 
   get_options (r_argc, r_argv);
 
-  if (!(display = displays.get (rs[Rs_display_name])))
+  if (!rs[Rs_display_name] || !(display = displays.get (rs[Rs_display_name])))
     {
       free (r_argv);
-      rxvt_fatal ("can't open display %s, aborting.\n", rs[Rs_display_name]);
+      rxvt_fatal ("can't open display %s, aborting.\n", 
+                  (rs[Rs_display_name] ? rs[Rs_display_name] : 
+                   "as no -display option given and DISPLAY not set"));
     }
 
   // using a local pointer decreases code size a lot
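Review bot: The guard added before `displays.get` rejects only a NULL `rs[Rs_display_name]`, so an empty `DISPLAY` value (non-NULL, zero length) still reaches `displays.get`. How that call resolves an empty name is not visible in this hunk; if it falls back to a default display, the implicit-display behaviour this patch removes would remain reachable. Extending the test to `if (!rs[Rs_display_name] || !*rs[Rs_display_name] || !(display = displays.get (rs[Rs_display_name])))` closes that case. A comment at the `getenv` line, such as `// no fallback to ":0": a missing display must be a hard error (CVE-2008-1142)`, would keep the default from being reintroduced later. The enclosing function starts and ends outside the hunk.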

