From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 07:49:04 +0000 (+0200)
Subject: terminal-util: extra safety checks when parsing $COLUMNS or $LINES (#10314)
X-Git-Tag: v240~607
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d09a71356e3ed78be7cef3cd7d9919dc77508b41;p=thirdparty%2Fsystemd.git

terminal-util: extra safety checks when parsing $COLUMNS or $LINES (#10314)

Let's make sure the integers we parse out are not larger than USHRT_MAX.
This is a good idea as the kernel's TIOCSWINSZ ioctl for sizing
terminals can't take larger values, and we shouldn't risk an overflow.
---

diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index a6671542701..c2aa75c6a82 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -819,11 +819,11 @@ unsigned columns(void) {
         if (e)
                 (void) safe_atoi(e, &c);
 
-        if (c <= 0)
+        if (c <= 0 || c > USHRT_MAX) {
                 c = fd_columns(STDOUT_FILENO);
-
-        if (c <= 0)
-                c = 80;
+                if (c <= 0)
+                        c = 80;
+        }
 
         cached_columns = c;
         return cached_columns;
@@ -853,11 +853,11 @@ unsigned lines(void) {
         if (e)
                 (void) safe_atoi(e, &l);
 
-        if (l <= 0)
+        if (l <= 0 || l > USHRT_MAX) {
                 l = fd_lines(STDOUT_FILENO);
-
-        if (l <= 0)
-                l = 24;
+                if (l <= 0)
+                        l = 24;
+        }
 
         cached_lines = l;
         return cached_lines;