set upper limit for REP escape sequence argument
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.
This commit is contained in:
Tommi Hirvola
Hiltjo Posthuma
parent
7473a8d1a5
commit
95f22c5305
1 changed files with 1 additions and 1 deletions
2
st.c
2
st.c
|
|
@ -1643,7 +1643,7 @@ csihandle(void)
|
|||
ttywrite(vtiden, strlen(vtiden), 0);
|
||||
break;
|
||||
case 'b': /* REP -- if last char is printable print it <n> more times */
|
||||
DEFAULT(csiescseq.arg[0], 1);
|
||||
LIMIT(csiescseq.arg[0], 1, 65535);
|
||||
if (term.lastc)
|
||||
while (csiescseq.arg[0]-- > 0)
|
||||
tputc(term.lastc);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue