diff options
| author | Christian Duerr <contact@christianduerr.com> | 2020-11-26 00:57:44 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-26 00:57:44 +0000 |
| commit | a2727d06f77973c47e1909a5f426789d6531bda9 (patch) | |
| tree | 04cb2f53cec65697254dbd26560a68f102ff36f2 /alacritty_terminal | |
| parent | 07684281901b8d287221ade9b7c93a0f437a26f1 (diff) | |
| download | alacritty-a2727d06f77973c47e1909a5f426789d6531bda9.tar.gz alacritty-a2727d06f77973c47e1909a5f426789d6531bda9.zip | |
Fix DoS caused by excessive CSI parameter values
Diffstat (limited to 'alacritty_terminal')
| -rw-r--r-- | alacritty_terminal/Cargo.toml | 2 | ||||
| -rw-r--r-- | alacritty_terminal/src/ansi.rs | 22 | ||||
| -rw-r--r-- | alacritty_terminal/src/term/mod.rs | 6 |
3 files changed, 17 insertions, 13 deletions
diff --git a/alacritty_terminal/Cargo.toml b/alacritty_terminal/Cargo.toml index 330df913..64404e64 100644 --- a/alacritty_terminal/Cargo.toml +++ b/alacritty_terminal/Cargo.toml @@ -14,7 +14,7 @@ bitflags = "1" parking_lot = "0.11.0" serde = { version = "1", features = ["derive"] } serde_yaml = "0.8" -vte = { version = "0.9.0", default-features = false } +vte = { git = "https://github.com/alacritty/vte", default-features = false } mio = "0.6.20" mio-extras = "2" log = "0.4" diff --git a/alacritty_terminal/src/ansi.rs b/alacritty_terminal/src/ansi.rs index 7567eba2..4c50495c 100644 --- a/alacritty_terminal/src/ansi.rs +++ b/alacritty_terminal/src/ansi.rs @@ -31,9 +31,13 @@ fn parse_rgb_color(color: &[u8]) -> Option<Rgb> { // Scale values instead of filling with `0`s. let scale = |input: &str| { - let max = u32::pow(16, input.len() as u32) - 1; - let value = u32::from_str_radix(input, 16).ok()?; - Some((255 * value / max) as u8) + if input.len() > 4 { + None + } else { + let max = u32::pow(16, input.len() as u32) - 1; + let value = u32::from_str_radix(input, 16).ok()?; + Some((255 * value / max) as u8) + } }; Some(Rgb { r: scale(colors[0])?, g: scale(colors[1])?, b: scale(colors[2])? }) @@ -186,7 +190,7 @@ pub trait Handler { fn move_up_and_cr(&mut self, _: Line) {} /// Put `count` tabs. - fn put_tab(&mut self, _count: i64) {} + fn put_tab(&mut self, _count: u16) {} /// Backspace `count` characters. fn backspace(&mut self) {} @@ -236,10 +240,10 @@ pub trait Handler { fn delete_chars(&mut self, _: Column) {} /// Move backward `count` tabs. - fn move_backward_tabs(&mut self, _count: i64) {} + fn move_backward_tabs(&mut self, _count: u16) {} /// Move forward `count` tabs. - fn move_forward_tabs(&mut self, _count: i64) {} + fn move_forward_tabs(&mut self, _count: u16) {} /// Save current cursor position. fn save_cursor_position(&mut self) {} @@ -424,7 +428,7 @@ impl Mode { /// Create mode from a primitive. /// /// TODO lots of unhandled values. - pub fn from_primitive(intermediate: Option<&u8>, num: i64) -> Option<Mode> { + pub fn from_primitive(intermediate: Option<&u8>, num: u16) -> Option<Mode> { let private = match intermediate { Some(b'?') => true, None => false, @@ -968,7 +972,7 @@ where let handler = &mut self.handler; let writer = &mut self.writer; - let mut next_param_or = |default: i64| { + let mut next_param_or = |default: u16| { params_iter.next().map(|param| param[0]).filter(|¶m| param != 0).unwrap_or(default) }; @@ -1258,7 +1262,7 @@ fn attrs_from_sgr_parameters(params: &mut ParamsIter<'_>) -> Vec<Option<Attr>> { } /// Parse a color specifier from list of attributes. -fn parse_sgr_color(params: &mut dyn Iterator<Item = i64>) -> Option<Color> { +fn parse_sgr_color(params: &mut dyn Iterator<Item = u16>) -> Option<Color> { match params.next() { Some(2) => Some(Color::Spec(Rgb { r: u8::try_from(params.next()?).ok()?, diff --git a/alacritty_terminal/src/term/mod.rs b/alacritty_terminal/src/term/mod.rs index accb4dc1..cffba149 100644 --- a/alacritty_terminal/src/term/mod.rs +++ b/alacritty_terminal/src/term/mod.rs @@ -1691,7 +1691,7 @@ impl<T: EventListener> Handler for Term<T> { /// Insert tab at cursor position. #[inline] - fn put_tab(&mut self, mut count: i64) { + fn put_tab(&mut self, mut count: u16) { // A tab after the last column is the same as a linebreak. if self.grid.cursor.input_needs_wrap { self.wrapline(); @@ -1883,7 +1883,7 @@ impl<T: EventListener> Handler for Term<T> { } #[inline] - fn move_backward_tabs(&mut self, count: i64) { + fn move_backward_tabs(&mut self, count: u16) { trace!("Moving backward {} tabs", count); for _ in 0..count { @@ -1899,7 +1899,7 @@ impl<T: EventListener> Handler for Term<T> { } #[inline] - fn move_forward_tabs(&mut self, count: i64) { + fn move_forward_tabs(&mut self, count: u16) { trace!("[unimplemented] Moving forward {} tabs", count); } |