[hackers] [st][PATCH] set upper limit for REP escape sequence argument

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Tommi Hirvola <tommi_AT_hirvola.fi>
Date: Mon, 4 Mar 2024 12:56:30 +0200

Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.

---
 st.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/st.c b/st.c
index 77c3e8a..683493d 100644
--- a/st.c
+++ b/st.c
_AT_@ -1643,7 +1643,7 @@ csihandle(void)
 			ttywrite(vtiden, strlen(vtiden), 0);
 		break;
 	case 'b': /* REP -- if last char is printable print it <n> more times */
-		DEFAULT(csiescseq.arg[0], 1);
+		LIMIT(csiescseq.arg[0], 1, 65535);
 		if (term.lastc)
 			while (csiescseq.arg[0]-- > 0)
 				tputc(term.lastc);
-- 
2.39.2

Received on Mon Mar 04 2024 - 11:56:30 CET

This archive was generated by hypermail 2.3.0 : Mon Mar 04 2024 - 12:00:37 CET