asedeno.scripts.mit.edu Git - PuTTY.git/commit
More robust control sequence parameter handling.
author Ben Harris <bjh21@bjh21.me.uk>
Wed, 7 Oct 2015 22:54:39 +0000 (23:54 +0100)
committer Ben Harris <bjh21@bjh21.me.uk>
Wed, 28 Oct 2015 22:08:19 +0000 (22:08 +0000)
commit e3fe709a8f6a633647088e9ed7264be5fb740426
tree e3e31dbcc64740a82b334c1ffe66e8935adb60da
parent 1a009ab2e9d9f0baa5ff98d295d4ec7afd9ff2f9
More robust control sequence parameter handling.

Parameters are now accumulated in unsigned integers and carefully checked
for overflow (which is turned into saturation).  Things that consume them
now have explicit range checks (again, saturating) to ensure that their
inputs are sane.  This should make it much harder to cause overflow by
supplying ludicrously large numbers.

Fixes two bugs found with the help of afl-fuzz.  One of them may be
exploitable and is CVE-2015-5309.
terminal.c
terminal.h
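
The saturating accumulation and consumer-side range check that the commit message describes, as an added illustration in C. This is not the code from this commit or from PuTTY: the function names, `MAX_ARGS` and the sample parameter string are assumptions made up for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_ARGS 32   /* hypothetical cap on the number of parameters */

/* Append one decimal digit; saturate at UINT_MAX instead of wrapping. */
static unsigned accumulate_digit(unsigned value, char digit)
{
    unsigned d = (unsigned)(digit - '0');
    if (value > (UINT_MAX - d) / 10)   /* value * 10 + d would overflow */
        return UINT_MAX;
    return value * 10 + d;
}

/* Parse parameter bytes such as "12;345" into args[].
 * Returns the number of parameters; extras past MAX_ARGS are dropped. */
static size_t parse_params(const char *s, unsigned args[MAX_ARGS])
{
    size_t n = 0;
    args[0] = 0;
    for (; *s; s++) {
        if (*s >= '0' && *s <= '9') {
            if (n < MAX_ARGS)
                args[n] = accumulate_digit(args[n], *s);
        } else if (*s == ';') {
            if (n < MAX_ARGS) n++;
            if (n < MAX_ARGS) args[n] = 0;
        } else {
            break;                     /* not a parameter byte */
        }
    }
    return n < MAX_ARGS ? n + 1 : MAX_ARGS;
}

/* Consumer-side check: 1-based row parameter to an index in [0, rows-1].
 * Assumes rows >= 1. A parameter of 0 means "default", i.e. row 1. */
static int param_to_row(unsigned param, int rows)
{
    if (param == 0) param = 1;
    if (param > (unsigned)rows) param = (unsigned)rows;   /* saturate */
    return (int)param - 1;
}

int main(void)
{
    unsigned a[MAX_ARGS];
    size_t n = parse_params("99999999999999999999;7", a);  /* constructed input */
    printf("%zu params, row index %d\n", n, param_to_row(a[0], 24));
    return 0;
}
```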