$NetBSD: patch-ab,v 1.5 2009/03/06 00:20:27 snj Exp $

Fix default display vulnerability (CVE-2008-1142).

--- src/init.C.orig	2009-02-23 15:19:50.000000000 -0800
+++ src/init.C	2009-02-23 15:20:33.000000000 -0800
@@ -372,11 +372,13 @@ rxvt_term::init_resources (int argc, con
    * Open display, get options/resources and create the window
    */
 
-  if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
-    rs[Rs_display_name] = ":0";
+  rs[Rs_display_name] = getenv ("DISPLAY");
 
   get_options (r_argc, r_argv);
 
+  if (!rs[Rs_display_name])
+    rxvt_fatal ("no display given and DISPLAY not set, aborting.\n");
+
   if (!(display = displays.get (rs[Rs_display_name])))
     {
       free (r_argv);