asedeno.scripts.mit.edu Git - PuTTY.git/commit

]> asedeno.scripts.mit.edu Git - PuTTY.git/commit

author	Ben Harris <bjh21@bjh21.me.uk>
	Wed, 7 Oct 2015 22:54:39 +0000 (23:54 +0100)
committer	Ben Harris <bjh21@bjh21.me.uk>
	Wed, 28 Oct 2015 22:08:19 +0000 (22:08 +0000)
commit	e3fe709a8f6a633647088e9ed7264be5fb740426
tree	e3e31dbcc64740a82b334c1ffe66e8935adb60da	tree \| snapshot
parent	1a009ab2e9d9f0baa5ff98d295d4ec7afd9ff2f9	commit \| diff

More robust control sequence parameter handling.

Parameters are now accumulated in unsigned integers and carefully checked
for overflow (which is turned into saturation).  Things that consume them
now have explicit range checks (again, saturating) to ensure that their
inputs are sane.  This should make it much harder to cause overflow by
supplying ludicrously large numbers.

Fixes two bugs found with the help of afl-fuzz.  One of them may be
exploitable and is CVE-2015-5309.

terminal.c		diff \| blob \| history
terminal.h		diff \| blob \| history

local copy of git://git.tartarus.org/simon/putty.git

RSS Atom