On Mon, Mar 04, 2024 at 12:56:30PM +0200, Tommi Hirvola wrote:
> Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
> making st unresponsive. This commit allows repeating the last character
> at most 65535 times in order to prevent freezing and DoS attacks.
> ---
> st.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/st.c b/st.c
> index 77c3e8a..683493d 100644
> --- a/st.c
> +++ b/st.c
> _AT_@ -1643,7 +1643,7 @@ csihandle(void)
> ttywrite(vtiden, strlen(vtiden), 0);
> break;
> case 'b': /* REP -- if last char is printable print it <n> more times */
> - DEFAULT(csiescseq.arg[0], 1);
> + LIMIT(csiescseq.arg[0], 1, 65535);
> if (term.lastc)
> while (csiescseq.arg[0]-- > 0)
> tputc(term.lastc);
> --
> 2.39.2
>
>
Hi,
I'm not sure about it. You could still chain REP sequences and "DoS" it.
For untrusted input one should be careful about escape sequences anyway.
--
Kind regards,
Hiltjo
Received on Mon Mar 04 2024 - 13:55:29 CET