On Mon, Mar 04, 2024 at 12:56:30PM +0200, Tommi Hirvola wrote: > Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times, > making st unresponsive. This commit allows repeating the last character > at most 65535 times in order to prevent freezing and DoS attacks. > --- > st.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/st.c b/st.c > index 77c3e8a..683493d 100644 > --- a/st.c > +++ b/st.c > @@ -1643,7 +1643,7 @@ csihandle(void) > ttywrite(vtiden, strlen(vtiden), 0); > break; > case 'b': /* REP -- if last char is printable print it <n> more times */ > - DEFAULT(csiescseq.arg[0], 1); > + LIMIT(csiescseq.arg[0], 1, 65535); > if (term.lastc) > while (csiescseq.arg[0]-- > 0) > tputc(term.lastc); > -- > 2.39.2 > >
Hi, I'm not sure about it. You could still chain REP sequences and "DoS" it. For untrusted input one should be careful about escape sequences anyway. -- Kind regards, Hiltjo