st
simple terminal
git clone https://9o.is/git/st.git
commit 33dfe877d83ba079a6d26cf40e3191396c38393f
parent 8ccab2e68b15e8396effc21fa2ae509b140d7639
Author: Tommi Hirvola <tommi@hirvola.fi>
Date: Mon, 4 Mar 2024 12:56:30 +0200
set upper limit for REP escape sequence argument
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.
Diffstat:
| M | st.c | | | 2 | +- |
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/st.c b/st.c @@ -1643,7 +1643,7 @@ csihandle(void) ttywrite(vtiden, strlen(vtiden), 0); break; case 'b': /* REP -- if last char is printable print it <n> more times */ - DEFAULT(csiescseq.arg[0], 1); + LIMIT(csiescseq.arg[0], 1, 65535); if (term.lastc) while (csiescseq.arg[0]-- > 0) tputc(term.lastc);