Commit Graph

4 Commits

Author SHA1 Message Date
Evan Simkowitz
1fc6dd7c1a
Fix code scanning alert no. 50: Size computation for allocation may overflow (#1088)
Fixes
[https://github.com/wavetermdev/waveterm/security/code-scanning/50](https://github.com/wavetermdev/waveterm/security/code-scanning/50)

To fix the problem, we need to ensure that the size computation for the
allocation does not overflow. This can be achieved by validating the
length of `barr` before performing the arithmetic operation. We will set
a maximum allowable size for `barr` to ensure that the sum of
`oscPrefixLen(oscNum)` and `len(barr)` does not exceed the maximum value
for an `int`.

1. Define a maximum allowable size for `barr` (e.g., 64 MB).
2. Check the length of `barr` against this maximum size before
performing the allocation.
3. If `barr` exceeds the maximum size, return an error.


_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2024-10-21 14:05:52 -07:00
Mike Sawka
85874f92ca
set up remote connserver (#245) 2024-08-18 21:26:44 -07:00
Mike Sawka
5165d099c2
wsh working over domain socket (and assorted bug fixes) (#217) 2024-08-09 17:46:52 -07:00
Mike Sawka
01b5d71709
new wshrpc mechanism (#112)
lots of changes. new wshrpc implementation. unify websocket, web,
blockcontroller, domain sockets, and terminal inputs to all use the new
rpc system.

lots of moving files around to deal with circular dependencies

use new wshrpc as a client in wsh cmd
2024-07-17 15:24:43 -07:00