[hackers] [st][PATCH] set upper limit for REP escape sequence argument

2024-03-04 Thread Tommi Hirvola
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times, making st unresponsive. This commit allows repeating the last character at most 65535 times in order to prevent freezing and DoS attacks. --- st.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/st.c b/st.

Re: [hackers] [st][PATCH] set upper limit for REP escape sequence argument

2024-03-04 Thread Hiltjo Posthuma
On Mon, Mar 04, 2024 at 12:56:30PM +0200, Tommi Hirvola wrote: > Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times, > making st unresponsive. This commit allows repeating the last character > at most 65535 times in order to prevent freezing and DoS attacks. > --- > st.c | 2 +

[hackers] [sbase][PATCH] Add implementation of realpath(1)

2024-03-04 Thread Elie Le Vaillant
--- .gitignore | 1 + Makefile | 1 + realpath.c | 34 ++ 3 files changed, 36 insertions(+) create mode 100644 realpath.c diff --git a/.gitignore b/.gitignore index e789e24..f1ce1c2 100644 --- a/.gitignore +++ b/.gitignore @@ -57,6 +57,7 @@ /printf /pwd /re

[hackers] [sbase][PATCH] realpath: add man pages

2024-03-04 Thread Elie Le Vaillant
--- readlink.1 | 1 + realpath.1 | 20 2 files changed, 21 insertions(+) create mode 100644 realpath.1 diff --git a/readlink.1 b/readlink.1 index 46b4cad..d5993ce 100644 --- a/readlink.1 +++ b/readlink.1 @@ -28,5 +28,6 @@ by recursively following every symlink in its path c

Re: [hackers] [st][PATCH] set upper limit for REP escape sequence argument

2024-03-04 Thread Tommi Hirvola
On Mon, Mar 04, 2024 at 01:55:29PM +0100, Hiltjo Posthuma wrote:
> I'm not sure about it. You could still chain REP sequences and "DoS" it.
Fortunately, chained REP sequences can be terminated with ^C. You can try this by copy-pasting the following line into st and pressing CTRL+C:
$ for i in $(s

[hackers] [sbase][PATCH] libutil/random: better random seed

2024-03-04 Thread Elie Le Vaillant
Thanks NRK --- libutil/random.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libutil/random.c b/libutil/random.c index 780ba29..6b795a9 100644 --- a/libutil/random.c +++ b/libutil/random.c @@ -1,4 +1,5 @@ #include +#include #include static uint64_t globalstate; @@

[hackers] [sbase][PATCH] cron: fix repeat for random, and format code

2024-03-04 Thread Elie Le Vaillant
--- cron.c | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/cron.c b/cron.c index e95c661..9da0c8a 100644 --- a/cron.c +++ b/cron.c @@ -287,19 +287,17 @@ parserange(char *str, long low, long high, struct range *r) r->repeat = strtol(repeat, &e, 10);

[hackers] [st] set upper limit for REP escape sequence argument || Tommi Hirvola

2024-03-04 Thread git
commit 95f22c53059ccd60ee701ccf2659dacd95e4e89a Author: Tommi Hirvola AuthorDate: Mon Mar 4 12:56:30 2024 +0200 Commit: Hiltjo Posthuma CommitDate: Mon Mar 4 23:50:58 2024 +0100 set upper limit for REP escape sequence argument Previously, printf 'L\033[2147483647b' would cal

Re: [hackers] [st][PATCH] set upper limit for REP escape sequence argument

2024-03-04 Thread Hiltjo Posthuma
On Mon, Mar 04, 2024 at 10:24:36PM +0200, Tommi Hirvola wrote:
> On Mon, Mar 04, 2024 at 01:55:29PM +0100, Hiltjo Posthuma wrote:
> > I'm not sure about it. You could still chain REP sequences and "DoS" it.
>
> Fortunately, chained REP sequences can be terminated with ^C. You can
> try this by cop

Re: [hackers] [sbase][PATCH] Add implementation of tac(1)

2024-03-04 Thread Eolien55
Eric Pruitt wrote:
> I think there should be separate implementations for seekable vs
> non-seekable files to avoid buffering the entire contents of
> the file in memory unnecessarily.
In fact, performance could be also improved for non-seekable files by forcing a seekable context, ie. use a temp