Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Cap escape sequence parameters to prevent long loops.

Fixes #271 github issue.
  • Loading branch information...
commit 9791768705528e911bfca6c4d8aa88139035060e 1 parent dee09fb
@keithw authored
View
5 src/terminal/terminaldispatcher.cc
@@ -116,6 +116,11 @@ int Dispatcher::getparam( size_t N, int defaultval )
if ( parsed_params.size() > N ) {
ret = parsed_params[ N ];
}
+
+ if ( ret > PARAM_MAX ) {
+ ret = defaultval;
+ }
+
if ( ret < 1 ) ret = defaultval;
return ret;
View
3  src/terminal/terminaldispatcher.h
@@ -77,6 +77,9 @@ namespace Terminal {
void parse_params( void );
public:
+ static const int PARAM_MAX = 65535;
+ /* prevent evil escape sequences from causing long loops */
+
std::string terminal_to_host; /* this is the reply string */
Dispatcher();
Please sign in to comment.
Something went wrong with that request. Please try again.