My own clone of suckless st with custom patches and settings kept in the "custom" branch.
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Avi Halachmi (:avih) ea4d933ed9 base64dec: don't read out of bounds
Previously, base64dec checked terminating input '\0' every 4 calls to
base64dec_getc, where the latter progressed one or more chars on each
call, and could read past '\0' in the way it was used.

The input to base64dec currently comes only from OSC 52 escape seq
(copy to clipboard), and reading past '\0' or even past the buffer
boundary was easy to trigger.

Also, even if we could trust external input to be valid base64, there
are different base64 standards, and not all of them require padding
to 4 bytes blocks (using trailing '=' chars).

It didn't affect short OSC 52 strings because the buffer is initialized
to 0's, so typically it did stop within the buffer, but if the string
was trimmed to fit (the buffer is 512 bytes) then it did also read past
the end of the buffer, and the decoded suffix ended up arbitrary.

This patch makes base64dec_getc not progress past '\0', and instead
produce fake trailing padding of '='.

Additionally, at base64dec, if padding is detected at the first or
second byte of a quartet, then we identify it as invalid and abort
(a valid quartet has at least two leading non-padding bytes).
5 years ago
FAQ FAQ: add entry about color emoji Xft bug 6 years ago
LEGACY LEGACY: typo. 12 years ago
LICENSE LICENSE: fix a few years 7 years ago
Makefile Makefile: fix dependencies on config.h 6 years ago
README tic -s -> tic -sx (Treat unknown capabilities as user-defined.) 8 years ago
TODO Remove old TODO entry. 10 years ago
arg.h don't modify argv, use a counter 7 years ago
config.def.h mouse shortcuts: don't hardcode selpaste 5 years ago
config.mk bump version to 0.8.2 6 years ago
st.1 Remove the ISO 14755 feature 6 years ago
st.c base64dec: don't read out of bounds 5 years ago
st.h mouse shortcuts: allow same functions as kb shortcuts 5 years ago
st.info Fix tmux terminfo extensions Se and Ss 5 years ago
win.h better Input Method Editor (IME) support 6 years ago
x.c apply hints before initial mapping (ICCCM) 5 years ago

README

st - simple terminal
--------------------
st is a simple terminal emulator for X which sucks less.


Requirements
------------
In order to build st you need the Xlib header files.


Installation
------------
Edit config.mk to match your local setup (st is installed into
the /usr/local namespace by default).

Afterwards enter the following command to build and install st (if
necessary as root):

    make clean install


Running st
----------
If you did not install st with make clean install, you must compile
the st terminfo entry with the following command:

    tic -sx st.info

See the man page for additional details.

Credits
-------
Based on Aurélien APTEL <aurelien dot aptel at gmail dot com> bt source code.