set upper limit for REP escape sequence argument
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times, making st unresponsive. This commit allows repeating the last character at most 65535 times in order to prevent freezing and DoS attacks.
This commit is contained in:
parent
7473a8d1a5
commit
95f22c5305
2
st.c
2
st.c
|
@ -1643,7 +1643,7 @@ csihandle(void)
|
||||||
ttywrite(vtiden, strlen(vtiden), 0);
|
ttywrite(vtiden, strlen(vtiden), 0);
|
||||||
break;
|
break;
|
||||||
case 'b': /* REP -- if last char is printable print it <n> more times */
|
case 'b': /* REP -- if last char is printable print it <n> more times */
|
||||||
DEFAULT(csiescseq.arg[0], 1);
|
LIMIT(csiescseq.arg[0], 1, 65535);
|
||||||
if (term.lastc)
|
if (term.lastc)
|
||||||
while (csiescseq.arg[0]-- > 0)
|
while (csiescseq.arg[0]-- > 0)
|
||||||
tputc(term.lastc);
|
tputc(term.lastc);
|
||||||
|
|
Loading…
Reference in New Issue