GitHub/ergo
3
0
Fork 0
mirror of https://github.com/ergochat/ergo.git synced 2025-01-03 08:32:43 +01:00
Code Issues Projects Releases Wiki Activity

mitigate a potential DoS against websocket listeners

Browse Source 
Websocket listeners would process an arbitrary number of invalid
(non-text or blank) messages without throttling. This imposes fakelag
on such messages by treating them as blank lines.
This commit is contained in:
Shivaram Lingamneni 2020-08-05 15:00:39 -04:00
parent 8f490ae298
commit aad39024b9
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
irc/ircconn.go
View File

@ -124,16 +124,18 @@ func (wc IRCWSConn) WriteLines(buffers [][]byte) (err error) {
} }
func (wc IRCWSConn) ReadLine() (line []byte, err error) { func (wc IRCWSConn) ReadLine() (line []byte, err error) {
for { messageType, line, err := wc.conn.ReadMessage()
var messageType int if err == nil {
messageType, line, err = wc.conn.ReadMessage() if messageType == websocket.TextMessage {
// on empty message or non-text message, try again, block if necessary return line, nil
if err != nil || (messageType == websocket.TextMessage && len(line) != 0) { } else {
if err == websocket.ErrReadLimit { // for purposes of fakelag, treat non-text message as an empty line
err = errReadQ return nil, nil
}
return
} }
} else if err == websocket.ErrReadLimit {
return line, errReadQ
} else {
return line, err
} }
} }