From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]) by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 46bcb451 for ; Sun, 20 May 2018 16:38:04 -0500 (EST) Date: Sun, 20 May 2018 16:38:04 -0500 (EST) X-Mailinglist: mandoc-source Reply-To: source@mandoc.bsd.lv MIME-Version: 1.0 From: schwarze@mandoc.bsd.lv To: source@mandoc.bsd.lv Subject: mandoc: Protect against malicious manual pages containing .ll requests X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Message-Id: Log Message: ----------- Protect against malicious manual pages containing .ll requests with excessive arguments: apply the same cutoff as for the -O width= command line argument. While here, also place some assertions at strategical places to prevent excessive indentations from being printed in case of bugs. In the past, we had more than one bug that caused mandoc to print effectively infinite output, filling up people's /tmp/ file system, which is not funny. We cannot prevent bugs from crashing the program, but we can at least make filling up the disk less likely. Triggered by a remark from sthen@ on source-changes@. Modified Files: -------------- mandoc: term_ascii.c Revision Data ------------- Index: term_ascii.c =================================================================== RCS file: /home/cvs/mandoc/mandoc/term_ascii.c,v retrieving revision 1.60 retrieving revision 1.61 diff -Lterm_ascii.c -Lterm_ascii.c -u -p -r1.60 -r1.61 --- term_ascii.c +++ term_ascii.c @@ -133,6 +133,8 @@ ascii_init(enum termenc enc, const struc if (outopts->synopsisonly) p->synopsisonly = 1; + assert(p->defindent < UINT16_MAX); + assert(p->defrmargin < UINT16_MAX); return p; } @@ -171,6 +173,8 @@ ascii_setwidth(struct termp *p, int iop, p->defrmargin -= width; else p->defrmargin = 0; + if (p->defrmargin > 1000) + p->defrmargin = 1000; p->lastrmargin = p->tcol->rmargin; p->tcol->rmargin = p->maxrmargin = p->defrmargin; } 
@@ -239,6 +243,7 @@ ascii_advance(struct termp *p, size_t le { size_t i; + assert(len < UINT16_MAX); for (i = 0; i < len; i++) putchar(' '); } @@ -376,6 +381,7 @@ locale_advance(struct termp *p, size_t l { size_t i; + assert(len < UINT16_MAX); for (i = 0; i < len; i++) putwchar(L' '); } -- To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv
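Review bot: in the ascii_init hunk, the two new assertions on p->defindent and p->defrmargin use assert() and UINT16_MAX, but the patch touches no #include lines. Please confirm that term_ascii.c already includes <assert.h> and <stdint.h>, or add them in this commit.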
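Review bot: in the ascii_setwidth hunk, the cap is written as the bare literal 1000 twice (`if (p->defrmargin > 1000)` and `p->defrmargin = 1000;`), while the log message says it is meant to match the -O width= cutoff. A named constant shared with the code that handles -O width= would keep the two limits from drifting apart, and a one-line comment saying that the .ll result is clamped against hostile input would help the next reader.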
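Review bot: in the ascii_advance hunk, `assert(len < UINT16_MAX);` is the only check between a bad len and the putchar(' ') loop, and assert() is compiled out when NDEBUG is defined, so such a build gets no protection against the runaway output the log message describes. If the bound has to hold in every build, clamp len or return early in addition to asserting.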
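Review bot: in the locale_advance hunk, the bound in `assert(len < UINT16_MAX);` is far looser than the 1000-column cap that ascii_setwidth applies in the same patch, and nothing in the code says why. A short comment stating that this is a last-resort sanity check against bugs, not an input limit, would make the choice of bound clear.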