From a2727d06f77973c47e1909a5f426789d6531bda9 Mon Sep 17 00:00:00 2001
From: Christian Duerr
Date: Thu, 26 Nov 2020 00:57:44 +0000
Subject: Fix DoS caused by excessive CSI parameter values
---
 alacritty_terminal/Cargo.toml | 2 +-
 alacritty_terminal/src/ansi.rs | 22 +++++++++++++---------
 alacritty_terminal/src/term/mod.rs | 6 +++---
 3 files changed, 17 insertions(+), 13 deletions(-)
(limited to 'alacritty_terminal')
diff --git a/alacritty_terminal/Cargo.toml b/alacritty_terminal/Cargo.toml
index 330df913..64404e64 100644
--- a/alacritty_terminal/Cargo.toml
+++ b/alacritty_terminal/Cargo.toml
@@ -14,7 +14,7 @@ bitflags = "1"
 parking_lot = "0.11.0"
 serde = { version = "1", features = ["derive"] }
 serde_yaml = "0.8"
-vte = { version = "0.9.0", default-features = false }
+vte = { git = "https://github.com/alacritty/vte", default-features = false }
 mio = "0.6.20"
 mio-extras = "2"
 log = "0.4"
diff --git a/alacritty_terminal/src/ansi.rs b/alacritty_terminal/src/ansi.rs
index 7567eba2..4c50495c 100644
--- a/alacritty_terminal/src/ansi.rs
+++ b/alacritty_terminal/src/ansi.rs
@@ -31,9 +31,13 @@ fn parse_rgb_color(color: &[u8]) -> Option {
 // Scale values instead of filling with `0`s.
 let scale = |input: &str| {
- let max = u32::pow(16, input.len() as u32) - 1;
- let value = u32::from_str_radix(input, 16).ok()?;
- Some((255 * value / max) as u8)
+ if input.len() > 4 {
+ None
+ } else {
+ let max = u32::pow(16, input.len() as u32) - 1;
+ let value = u32::from_str_radix(input, 16).ok()?;
+ Some((255 * value / max) as u8)
+ }
 };
 Some(Rgb { r: scale(colors[0])?, g: scale(colors[1])?, b: scale(colors[2])? })
@@ -186,7 +190,7 @@ pub trait Handler {
 fn move_up_and_cr(&mut self, _: Line) {}
 /// Put `count` tabs.
- fn put_tab(&mut self, _count: i64) {}
+ fn put_tab(&mut self, _count: u16) {}
 /// Backspace `count` characters.
 fn backspace(&mut self) {}
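Review bot: The new `vte` entry in alacritty_terminal/Cargo.toml is a git dependency with no `rev`, `tag` or `branch`, so a build that resolves it without a lockfile takes whatever the repository's default branch holds at that moment. The `i64` to `u16` parameter changes in the other hunks presumably rely on the parser behaviour of that crate, so the exact commit should be named: `vte = { git = "https://github.com/alacritty/vte", rev = "<commit-sha>", default-features = false }` (placeholder; the intended commit is not visible on this page). A lockfile, if one is committed, is outside this view. Returning to a released crates.io version once one exists would bring back the registry checksum.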
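Review bot: The new `input.len() > 4` guard in the `scale` closure of `parse_rgb_color` carries no comment saying why 4 is the limit, and none of the hunks shown here adds a test for it. With at most four hex digits `max` is at most 0xFFFF and `255 * value` stays well inside `u32`, whereas the old code evaluated `u32::pow(16, input.len() as u32)` on a component of any length. I would add `// At most 4 hex digits per component: keeps 16^len and 255 * value within u32.` above the `if`. A test that passes a component longer than four digits and expects `None` would pin the behaviour. The enclosing function starts and ends outside the hunk.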
@@ -236,10 +240,10 @@ pub trait Handler {
 fn delete_chars(&mut self, _: Column) {}
 /// Move backward `count` tabs.
- fn move_backward_tabs(&mut self, _count: i64) {}
+ fn move_backward_tabs(&mut self, _count: u16) {}
 /// Move forward `count` tabs.
- fn move_forward_tabs(&mut self, _count: i64) {}
+ fn move_forward_tabs(&mut self, _count: u16) {}
 /// Save current cursor position.
 fn save_cursor_position(&mut self) {}
@@ -424,7 +428,7 @@ impl Mode {
 /// Create mode from a primitive.
 ///
 /// TODO lots of unhandled values.
- pub fn from_primitive(intermediate: Option<&u8>, num: i64) -> Option {
+ pub fn from_primitive(intermediate: Option<&u8>, num: u16) -> Option {
 let private = match intermediate {
 Some(b'?') => true,
 None => false,
@@ -968,7 +972,7 @@ where
 let handler = &mut self.handler;
 let writer = &mut self.writer;
- let mut next_param_or = |default: i64| {
+ let mut next_param_or = |default: u16| {
 params_iter.next().map(|param| param[0]).filter(|¶m| param != 0).unwrap_or(default)
 };
@@ -1258,7 +1262,7 @@ fn attrs_from_sgr_parameters(params: &mut ParamsIter<'_>) -> Vec> {
 }
 /// Parse a color specifier from list of attributes.
-fn parse_sgr_color(params: &mut dyn Iterator) -> Option {
+fn parse_sgr_color(params: &mut dyn Iterator) -> Option {
 match params.next() {
 Some(2) => Some(Color::Spec(Rgb {
 r: u8::try_from(params.next()?).ok()?,
diff --git a/alacritty_terminal/src/term/mod.rs b/alacritty_terminal/src/term/mod.rs
index accb4dc1..cffba149 100644
--- a/alacritty_terminal/src/term/mod.rs
+++ b/alacritty_terminal/src/term/mod.rs
@@ -1691,7 +1691,7 @@ impl Handler for Term {
 /// Insert tab at cursor position.
 #[inline]
- fn put_tab(&mut self, mut count: i64) {
+ fn put_tab(&mut self, mut count: u16) {
 // A tab after the last column is the same as a linebreak.
 if self.grid.cursor.input_needs_wrap {
 self.wrapline();
@@ -1883,7 +1883,7 @@ impl Handler for Term {
 }
 #[inline]
- fn move_backward_tabs(&mut self, count: i64) {
+ fn move_backward_tabs(&mut self, count: u16) {
 trace!("Moving backward {} tabs", count);
 for _ in 0..count {
@@ -1899,7 +1899,7 @@ impl Handler for Term {
 }
 #[inline]
- fn move_forward_tabs(&mut self, count: i64) {
+ fn move_forward_tabs(&mut self, count: u16) {
 trace!("[unimplemented] Moving forward {} tabs", count);
 }
-- cgit v1.2.3-54-g00ecf
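Review bot: In `move_backward_tabs` the loop `for _ in 0..count` is now bounded only by the `u16` parameter type, and nothing at the function says that the type is what limits the work an untrusted escape sequence can request. A doc comment would keep a later refactor from widening it again: `/// count is u16 on purpose: it caps the loop at 65535 iterations for untrusted CSI input.` The loop body lies outside the hunk, so whether it stops early once the cursor reaches the first column cannot be checked from here. If it does not, an explicit exit there would make the bound independent of the type. The same comment would fit `put_tab` in the hunk at -1691.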