Cap escape sequence parameters to prevent long loops.

Fixes #271 github issue.
mobile-shell · May 16, 2012 · 9791768 · 9791768
1 parent dee09fb
commit 9791768
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/src/terminal/terminaldispatcher.cc b/src/terminal/terminaldispatcher.cc
@@ -116,6 +116,11 @@ int Dispatcher::getparam( size_t N, int defaultval )
   if ( parsed_params.size() > N ) {
     ret = parsed_params[ N ];
   }
+
+  if ( ret > PARAM_MAX ) {
+    ret = defaultval;
+  }
+
   if ( ret < 1 ) ret = defaultval;
 
   return ret;

diff --git a/src/terminal/terminaldispatcher.h b/src/terminal/terminaldispatcher.h
@@ -77,6 +77,9 @@ namespace Terminal {
     void parse_params( void );
 
   public:
+    static const int PARAM_MAX = 65535;
+    /* prevent evil escape sequences from causing long loops */
+
     std::string terminal_to_host; /* this is the reply string */
 
     Dispatcher();