izackp/mosh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent integer overflow of very large escape sequence params. Fixes #274.

Browse Source
This commit is contained in:
Keith Winstein
2012-05-16 12:16:50 -04:00
parent b0e05776f1
commit 1cf12f9e9b
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/terminal/terminaldispatcher.cc
+14 -6
View File
@@ -81,10 +81,16 @@ void Dispatcher::parse_params( void )
errno = 0; errno = 0;
char *endptr; char *endptr;
int val = strtol( segment_begin, &endptr, 10 ); long val = strtol( segment_begin, &endptr, 10 );
if ( endptr == segment_begin ) { if ( endptr == segment_begin ) {
val = -1; val = -1;
} }
if ( val > PARAM_MAX || errno == ERANGE ) {
val = -1;
errno = 0;
}
if ( errno == 0 || segment_begin == endptr ) { if ( errno == 0 || segment_begin == endptr ) {
parsed_params.push_back( val ); parsed_params.push_back( val );
} }
@@ -95,10 +101,16 @@ void Dispatcher::parse_params( void )
/* get last param */ /* get last param */
errno = 0; errno = 0;
char *endptr; char *endptr;
int val = strtol( segment_begin, &endptr, 10 ); long val = strtol( segment_begin, &endptr, 10 );
if ( endptr == segment_begin ) { if ( endptr == segment_begin ) {
val = -1; val = -1;
} }
if ( val > PARAM_MAX || errno == ERANGE ) {
val = -1;
errno = 0;
}
if ( errno == 0 || segment_begin == endptr ) { if ( errno == 0 || segment_begin == endptr ) {
parsed_params.push_back( val ); parsed_params.push_back( val );
} }
@@ -117,10 +129,6 @@ int Dispatcher::getparam( size_t N, int defaultval )
ret = parsed_params[ N ]; ret = parsed_params[ N ];
} }
if ( ret > PARAM_MAX ) {
ret = defaultval;
}
if ( ret < 1 ) ret = defaultval; if ( ret < 1 ) ret = defaultval;
return ret; return ret;