set upper limit for REP escape sequence argument

Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.
This commit is contained in:
Tommi Hirvola 2024-03-04 12:56:30 +02:00 committed by Hiltjo Posthuma
parent 7473a8d1a5
commit 95f22c5305
1 changed files with 1 additions and 1 deletions

2
st.c
View File

@ -1643,7 +1643,7 @@ csihandle(void)
ttywrite(vtiden, strlen(vtiden), 0); ttywrite(vtiden, strlen(vtiden), 0);
break; break;
case 'b': /* REP -- if last char is printable print it <n> more times */ case 'b': /* REP -- if last char is printable print it <n> more times */
DEFAULT(csiescseq.arg[0], 1); LIMIT(csiescseq.arg[0], 1, 65535);
if (term.lastc) if (term.lastc)
while (csiescseq.arg[0]-- > 0) while (csiescseq.arg[0]-- > 0)
tputc(term.lastc); tputc(term.lastc);