diff options
| author | Tommi Hirvola <tommi@hirvola.fi> | 2024-03-04 12:56:30 +0200 |
|---|---|---|
| committer | Hiltjo Posthuma <hiltjo@codemadness.org> | 2024-03-04 23:50:58 +0100 |
| commit | 95f22c53059ccd60ee701ccf2659dacd95e4e89a (patch) | |
| tree | 5aa7ce5934a04364062d6b5151a949c4483dc75e | |
| parent | 7473a8d1a57e5f9aba41b953f4e498c35e1c9dc5 (diff) | |
| download | st-95f22c53059ccd60ee701ccf2659dacd95e4e89a.tar.xz st-95f22c53059ccd60ee701ccf2659dacd95e4e89a.zip | |
set upper limit for REP escape sequence argument
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.
| -rw-r--r-- | st.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1643,7 +1643,7 @@ csihandle(void) ttywrite(vtiden, strlen(vtiden), 0); break; case 'b': /* REP -- if last char is printable print it <n> more times */ - DEFAULT(csiescseq.arg[0], 1); + LIMIT(csiescseq.arg[0], 1, 65535); if (term.lastc) while (csiescseq.arg[0]-- > 0) tputc(term.lastc); |