Cap escape sequence parameters to prevent long loops.

Fixes #271 github issue.
author: Keith Winstein <keithw@mit.edu> 2012-05-15 23:46:09 -0400
committer: Keith Winstein <keithw@mit.edu> 2012-05-15 23:46:09 -0400
commit: 9791768705528e911bfca6c4d8aa88139035060e (patch)
tree: 1dda20fbcd2deb0017cd831e178cbb5d99a2a2a6
parent: dee09fb8fcaab9abcecb748be5b31088b9c2b987 (diff)
2 files changed, 8 insertions, 0 deletions
diff --git a/src/terminal/terminaldispatcher.cc b/src/terminal/terminaldispatcher.cc
index ae02bff..de07b80 100644
--- a/src/terminal/terminaldispatcher.cc
+++ b/src/terminal/terminaldispatcher.cc
@@ -116,6 +116,11 @@ int Dispatcher::getparam( size_t N, int defaultval )
   if ( parsed_params.size() > N ) {
     ret = parsed_params[ N ];
   }
+
+  if ( ret > PARAM_MAX ) {
+    ret = defaultval;
+  }
+
   if ( ret < 1 ) ret = defaultval;
 
   return ret;
diff --git a/src/terminal/terminaldispatcher.h b/src/terminal/terminaldispatcher.h
index bdad3c1..f5f801c 100644
--- a/src/terminal/terminaldispatcher.h
+++ b/src/terminal/terminaldispatcher.h
@@ -77,6 +77,9 @@ namespace Terminal {
     void parse_params( void );
 
   public:
+    static const int PARAM_MAX = 65535;
+    /* prevent evil escape sequences from causing long loops */
+
     std::string terminal_to_host; /* this is the reply string */
 
     Dispatcher();
author	Keith Winstein <keithw@mit.edu>	2012-05-15 23:46:09 -0400
committer	Keith Winstein <keithw@mit.edu>	2012-05-15 23:46:09 -0400
commit	9791768705528e911bfca6c4d8aa88139035060e (patch)
tree	1dda20fbcd2deb0017cd831e178cbb5d99a2a2a6
parent	dee09fb8fcaab9abcecb748be5b31088b9c2b987 (diff)