diff options
| author | Tommi Hirvola <tommi@hirvola.fi> | 2024-03-04 12:56:30 +0200 |
|---|---|---|
| committer | Rafael Marçalo <raroma09@gmail.com> | 2024-03-05 09:46:54 +0000 |
| commit | 211007cfbe7c6c923ca4f1c99dc239998e64b6c7 (patch) | |
| tree | d59e6db36051f4e494b74c946b417bf17bf56a5a | |
| parent | e9a1c1fe3ea43c44c24347acdec1f9952dfcea02 (diff) | |
set upper limit for REP escape sequence argument
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.
| -rw-r--r-- | st.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1705,7 +1705,7 @@ csihandle(void) ttywrite(vtiden, strlen(vtiden), 0); break; case 'b': /* REP -- if last char is printable print it <n> more times */ - DEFAULT(csiescseq.arg[0], 1); + LIMIT(csiescseq.arg[0], 1, 65535); if (term.lastc) while (csiescseq.arg[0]-- > 0) tputc(term.lastc); |