Hack to work around the rootshell.com xterm DoS problem. A better

fix might be possible, but it's unclear whether this is a productive strategy in the long term. [originally from svn r495]
2025-01-09 17:38:00 +00:00 · 2000-06-05 16:33:58 +00:00 · 2000-06-05 16:33:58 +00:00 · e0fac426c5
commit e0fac426c5
parent 6b81798205
1 changed files with 15 additions and 3 deletions
--- a/terminal.c
+++ b/terminal.c
@ -1209,7 +1209,11 @@ void term_out(void) {
 		 */
 		compatibility(VT340TEXT);
 		if (esc_nargs<=1 && (esc_args[0]<1 || esc_args[0]>=24)) {
-		    request_resize (cols, def(esc_args[0], 24), 0);
+		    unsigned int newrows = def(esc_args[0], 24);
+		    /* Hack: prevent big-resize DoS attack. */
+		    if (newrows > max(512, cfg.height))
+			newrows = max(512, cfg.height);
+		    request_resize (cols, newrows, 0);
 		    deselect();
 		}
 		break;
@ -1221,7 +1225,11 @@ void term_out(void) {
 		 */
 		compatibility(VT420);
 		if (esc_nargs==1 && esc_args[0]>=24) {
-		    request_resize (cols, def(esc_args[0], cfg.height), 0);
+		    unsigned int newrows = def(esc_args[0], cfg.height);
+		    /* Hack: prevent big-resize DoS attack. */
+		    if (newrows > max(512, cfg.height))
+			newrows = max(512, cfg.height);
+		    request_resize (cols, newrows, 0);
 		    deselect();
 		}
 		break;
@ -1232,7 +1240,11 @@ void term_out(void) {
 		 */
 		compatibility(VT340TEXT);
 		if (esc_nargs<=1) {
-		    request_resize (cols, def(esc_args[0], cfg.width), 0);
+		    unsigned int newcols = def(esc_args[0], cfg.width);
+		    /* Hack: prevent big-resize DoS attack. */
+		    if (newcols > max(512, cfg.width))
+			newcols = max(512, cfg.width);
+		    request_resize (newcols, rows, 0);
 		    deselect();
 		}
 		break;