authorpiaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2008-01-05 22:24:15 +0800
committerpiaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2008-01-05 22:24:15 +0800
commit312ac55f526f388f6154c9861f232659d348aae2 (patch)
treecc79a20059db4b61567b2232853efaba11eb9b85
parent0e2068d6d86ca7a398a99737736aa4456f9f531c (diff)
- fix potential exploits (reported by kcwu)
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3795 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--mbbsd/bbslua.c4
-rw-r--r--mbbsd/pfterm.c6
-rw-r--r--mbbsd/screen.c17
3 files changed, 23 insertions, 4 deletions
diff --git a/mbbsd/bbslua.c b/mbbsd/bbslua.c
index 43346a19..2a1096fb 100644
--- a/mbbsd/bbslua.c
+++ b/mbbsd/bbslua.c
@@ -175,7 +175,7 @@ bl_getdata(lua_State* L)
if (n > 0)
len = lua_tointeger(L, 1);
- if (n > 2)
+ if (n > 1)
echo = lua_tointeger(L, 2);
if (len < 2)
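Review bot: `len` comes straight from the script's first argument, and the only bound visible in this hunk is the lower one at `if (len < 2)`. bl_getdata continues outside the hunk, so confirm that the code below also caps `len` to the size of the input buffer before it is used. The corrected test would benefit from a short comment, for example `// arg 2 (echo) is present whenever at least two arguments were passed`, assuming `n` is the argument count, so the off-by-one does not return.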
@@ -449,7 +449,7 @@ bbslua(const char *fpath)
move(b_lines-3, 0); clrtobot();
outs("\n");
outs(errmsg);
- vmsg("BBS-Lua 錯誤: 請修正程式碼。");
+ vmsg("BBS-Lua 錯誤: 請通知作者修正程式碼。");
lua_close(L);
return 0;
}
diff --git a/mbbsd/pfterm.c b/mbbsd/pfterm.c
index 9c988ea2..11a4d66c 100644
--- a/mbbsd/pfterm.c
+++ b/mbbsd/pfterm.c
@@ -1068,6 +1068,10 @@ outstr(const char *str)
void
outc(unsigned char c)
{
+ // 0xFF is invalid for most cases (even DBCS),
+ if (c == 0xFF || c == 0x00)
+ return;
+
fterm_markdirty();
if (ft.szcmd)
{
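Review bot: The comment added in outc() ends on a dangling comma and explains only 0xFF, although the guard also drops 0x00. Something like `// Drop NUL and 0xFF: neither is valid output here (0xFF is not a legal DBCS byte).` would state the whole rule. The same comment and guard are added to outc() in mbbsd/screen.c and need the same wording fix. If the dropped byte follows a DBCS lead byte, the next byte would presumably be consumed as its trail byte, so it is worth confirming that this is acceptable. outc's body continues outside the hunk.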
@@ -1392,6 +1396,8 @@ fterm_exec(void)
case 'G': // CHA: CSI n G
// Moves the cursor to column n.
+ if (n < 1)
+ n = 1;
getyx(&y, &x);
move(y, n-1);
break;
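Review bot: Only the lower bound of `n` is clamped in the CHA case, so a very large column parameter still reaches `move(y, n-1)` and relies on move() to bound it. The clamping this commit adds is in mbbsd/screen.c's move(). Whether the move() reached from pfterm.c does the same is not visible in this diff, so consider also limiting `n` to the terminal width here. Other CSI cases in fterm_exec that take numeric parameters lie outside the hunk and may need the same treatment.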
diff --git a/mbbsd/screen.c b/mbbsd/screen.c
index 88696f8a..ffd5029b 100644
--- a/mbbsd/screen.c
+++ b/mbbsd/screen.c
@@ -53,8 +53,12 @@ resizeterm(int w, int h)
void
move(int y, int x)
{
- assert(y>=0);
- assert(x>=0);
+ if (y < 0) y = 0;
+ if (y >= t_lines) y = t_lines -1;
+ if (x < 0) x = 0;
+ if (x >= ANSILINELEN) x = ANSILINELEN -1;
+ // assert(y>=0);
+ // assert(x>=0);
cur_col = x;
cur_ln = y;
}
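Review bot: The four clamp lines in move() are repeated verbatim in move_ansi() in the next hunk, and the old asserts are left behind as commented-out code. A single static helper would keep the two bounds checks from drifting apart, and the dead `// assert(...)` lines can be deleted. Applying the upper bound before the lower one also keeps `y` non-negative if `t_lines` is ever 0 at the time of the call, which the current order would not (unconfirmed whether that state is reachable).

```c
// Clamp a cursor position into the screen buffer. The upper bound is applied
// first so that a zero t_lines cannot leave y negative.
static void
clamp_yx(int *y, int *x)
{
    if (*y >= t_lines) *y = t_lines - 1;
    if (*y < 0) *y = 0;
    if (*x >= ANSILINELEN) *x = ANSILINELEN - 1;
    if (*x < 0) *x = 0;
}

void
move(int y, int x)
{
    clamp_yx(&y, &x);
    // … unchanged: cur_col / cur_ln assignment …
}
```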
@@ -64,6 +68,11 @@ move_ansi(int y, int x)
{
// take ANSI length in consideration
register screenline_t *slp;
+ if (y < 0) y = 0;
+ if (y >= t_lines) y = t_lines -1;
+ if (x < 0) x = 0;
+ if (x >= ANSILINELEN) x = ANSILINELEN -1;
+
cur_ln = y;
cur_col = x;
@@ -385,6 +394,10 @@ outc(unsigned char c)
register screenline_t *slp = GetCurrentLine();
register int i;
+ // 0xFF is invalid for most cases (even DBCS),
+ if (c == 0xFF || c == 0x00)
+ return;
+
if (c == '\n' || c == '\r') {
if (standing) {
slp->eso = MAX(slp->eso, cur_col);