~mdw / sgt / putty / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 572f871)
Hack to work around the rootshell.com xterm DoS problem. A better
authorsimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Mon, 5 Jun 2000 16:33:58 +0000 (16:33 +0000)
committersimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Mon, 5 Jun 2000 16:33:58 +0000 (16:33 +0000)
fix might be possible, but it's unclear whether this is a productive
strategy in the long term.

git-svn-id: svn://svn.tartarus.org/sgt/putty@495 cda61777-01e9-0310-a592-d414129be87e

terminal.c patch | blob | blame | history

diff --git a/terminal.c b/terminal.c
index 1de4f3b..392ce7f 100644 (file)
--- a/terminal.c
+++ b/terminal.c
@@ -1209,7 +1209,11 @@ void term_out(void) {
                 */
                compatibility(VT340TEXT);
                if (esc_nargs<=1 && (esc_args[0]<1 || esc_args[0]>=24)) {
-                   request_resize (cols, def(esc_args[0], 24), 0);
+                   unsigned int newrows = def(esc_args[0], 24);
+                   /* Hack: prevent big-resize DoS attack. */
+                   if (newrows > max(512, cfg.height))
+                       newrows = max(512, cfg.height);
+                   request_resize (cols, newrows, 0);
                    deselect();
                }
                break;
@@ -1221,7 +1225,11 @@ void term_out(void) {
                 */
                compatibility(VT420);
                if (esc_nargs==1 && esc_args[0]>=24) {
-                   request_resize (cols, def(esc_args[0], cfg.height), 0);
+                   unsigned int newrows = def(esc_args[0], cfg.height);
+                   /* Hack: prevent big-resize DoS attack. */
+                   if (newrows > max(512, cfg.height))
+                       newrows = max(512, cfg.height);
+                   request_resize (cols, newrows, 0);
                    deselect();
                }
                break;
@@ -1232,7 +1240,11 @@ void term_out(void) {
                 */
                compatibility(VT340TEXT);
                if (esc_nargs<=1) {
-                   request_resize (cols, def(esc_args[0], cfg.width), 0);
+                   unsigned int newcols = def(esc_args[0], cfg.width);
+                   /* Hack: prevent big-resize DoS attack. */
+                   if (newcols > max(512, cfg.width))
+                       newcols = max(512, cfg.width);
+                   request_resize (newcols, rows, 0);
                    deselect();
                }
                break;
Simon Tatham's PuTTY GUI SSH client; import of svn://svn.tartarus.org/sgt/putty