]> asedeno.scripts.mit.edu Git - PuTTY.git/commitdiff
projects / PuTTY.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b81798)
Hack to work around the rootshell.com xterm DoS problem. A better
authorSimon Tatham <anakin@pobox.com>
Mon, 5 Jun 2000 16:33:58 +0000 (16:33 +0000)
committerSimon Tatham <anakin@pobox.com>
Mon, 5 Jun 2000 16:33:58 +0000 (16:33 +0000)
fix might be possible, but it's unclear whether this is a productive
strategy in the long term.

[originally from svn r495]

terminal.c patch | blob | history

diff --git a/terminal.c b/terminal.c
index 1de4f3b61ccb7040b17e3ccf160a4cbed0f7dcfa..392ce7ff00ec0de557f6559981ea2199b54b7725 100644 (file)
--- a/terminal.c
+++ b/terminal.c
@@ -1209,7 +1209,11 @@ void term_out(void) {
                 */
                compatibility(VT340TEXT);
                if (esc_nargs<=1 && (esc_args[0]<1 || esc_args[0]>=24)) {
-                   request_resize (cols, def(esc_args[0], 24), 0);
+                   unsigned int newrows = def(esc_args[0], 24);
+                   /* Hack: prevent big-resize DoS attack. */
+                   if (newrows > max(512, cfg.height))
+                       newrows = max(512, cfg.height);
+                   request_resize (cols, newrows, 0);
                    deselect();
                }
                break;
@@ -1221,7 +1225,11 @@ void term_out(void) {
                 */
                compatibility(VT420);
                if (esc_nargs==1 && esc_args[0]>=24) {
-                   request_resize (cols, def(esc_args[0], cfg.height), 0);
+                   unsigned int newrows = def(esc_args[0], cfg.height);
+                   /* Hack: prevent big-resize DoS attack. */
+                   if (newrows > max(512, cfg.height))
+                       newrows = max(512, cfg.height);
+                   request_resize (cols, newrows, 0);
                    deselect();
                }
                break;
@@ -1232,7 +1240,11 @@ void term_out(void) {
                 */
                compatibility(VT340TEXT);
                if (esc_nargs<=1) {
-                   request_resize (cols, def(esc_args[0], cfg.width), 0);
+                   unsigned int newcols = def(esc_args[0], cfg.width);
+                   /* Hack: prevent big-resize DoS attack. */
+                   if (newcols > max(512, cfg.width))
+                       newcols = max(512, cfg.width);
+                   request_resize (newcols, rows, 0);
                    deselect();
                }
                break;
local copy of git://git.tartarus.org/simon/putty.git