Since sid is only ever used as a string, here's a cheap way to enlarge its keyspace by a factor of more than 10^7 without increasing its length, simply by drawing each character from a mixed-case alphanumeric alphabet instead of decimal digits (this is what I've done on systems where I use the application and it works fine):


--- /usr/share/ajaxterm/ajaxterm.js     2009-02-17 13:40:43.000000000 +0000
+++ ajaxterm.js 2009-05-17 17:49:30.000000000 +0000
@@ -3,7 +3,17 @@
        var ie=0;
        if(window.ActiveXObject)
                ie=1;
-       var sid=""+Math.round(Math.random()*1000000000);
+
+       // mitigate CVE-2009-1629
+       var sid_arr = ( 
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" ).split();
+       var sid_inc = 0;
+       var sid_arr_pos = 0;
+       var sid = "";
+       for (sid_inc = 0 ; sid_inc < 10 ; sid_inc++){
+               sid_arr_pos = RandRange( 0, (sid_arr.length - 1), sid_inc );
+               sid += sid_arr[ sid_arr_pos ];
+       }
+
        var query0="s="+sid+"&w="+width+"&h="+height;
        var query1=query0+"&c=1&k=";
        var buf="";
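Review bot: The `.split()` call on the alphabet line is given no separator, and `String.prototype.split(undefined)` returns a one-element array holding the whole 62-character string; `sid_arr.length - 1` is then 0, every loop iteration appends the entire alphabet, and `sid` ends up a fixed 620-character constant with no randomness at all, which is weaker than the `Math.round(Math.random()*1000000000)` it replaces. The fix is `.split("")` so that `sid_arr` holds one character per element. `RandRange` is not a built-in JavaScript function and is not defined in this hunk; unless it exists elsewhere in ajaxterm.js the loop will throw a ReferenceError, and if it is implemented on top of `Math.random()` the session id still comes from a non-cryptographic PRNG, so the patch enlarges the keyspace but does not improve the quality of the entropy. The enclosing function appears to begin before this hunk.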


Further strength can be added by putting additional characters in sid_arr (they must be safe to pass unescaped in a URL query string, since sid is concatenated straight into query0) or by increasing the iteration cap in the for loop (thus extending the length of the string). Hope this helps!
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fu...@yuggoth.org); IRC(fu...@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fu...@yuggoth.org);
MUD(fu...@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }


