1From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 2From: Mark Nudelman <markn@greenwoodsoftware.com> 3Date: Fri, 7 Oct 2022 19:25:46 -0700 4Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. 5 6 7CVE: CVE-2022-46663 8Upstream-Status: Backport [https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c] 9Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> 10--- 11 line.c | 4 ++-- 12 1 file changed, 2 insertions(+), 2 deletions(-) 13 14diff --git a/line.c b/line.c 15index 0ef9b07..9d49cf8 100644 16--- a/line.c 17+++ b/line.c 18@@ -633,8 +633,8 @@ ansi_step(pansi, ch) 19 /* Hyperlink ends with \7 or ESC-backslash. */ 20 if (ch == '\7') 21 return ANSI_END; 22- if (pansi->prev_esc && ch == '\\') 23- return ANSI_END; 24+ if (pansi->prev_esc) 25+ return (ch == '\\') ? ANSI_END : ANSI_ERR; 26 pansi->prev_esc = (ch == ESC); 27 return ANSI_MID; 28 } 29-- 302.25.1 31 32