0121-w: Clamp maxcmd to the MIN/MAX_CMD_WIDTH range.
The current checks allow out-of-range values (for example, if getenv/atoi returns ~-2GB, maxcmd becomes ~+2GB after the subtraction). This is not a security problem, none of this is under an attacker's control.
This commit is contained in:
parent
e24804a9de
commit
eaec2d0977
11
w.c
11
w.c
@ -626,11 +626,14 @@ int main(int argc, char **argv)
|
||||
maxcmd = atoi(p);
|
||||
else
|
||||
maxcmd = MAX_CMD_WIDTH;
|
||||
if (MAX_CMD_WIDTH < maxcmd)
|
||||
maxcmd = MAX_CMD_WIDTH;
|
||||
#define CLAMP_CMD_WIDTH(cw) do { \
|
||||
if ((cw) < MIN_CMD_WIDTH) (cw) = MIN_CMD_WIDTH; \
|
||||
if ((cw) > MAX_CMD_WIDTH) (cw) = MAX_CMD_WIDTH; \
|
||||
} while (0)
|
||||
CLAMP_CMD_WIDTH(maxcmd);
|
||||
maxcmd -= 21 + userlen + (from ? fromlen : 0) + (longform ? 20 : 0);
|
||||
if (maxcmd < MIN_CMD_WIDTH)
|
||||
maxcmd = MIN_CMD_WIDTH;
|
||||
CLAMP_CMD_WIDTH(maxcmd);
|
||||
#undef CLAMP_CMD_WIDTH
|
||||
|
||||
|
||||
if (header) {
|
||||
|
Loading…
Reference in New Issue
Block a user