mirror of
https://github.com/Mikaela/Limnoria.git
synced 2024-12-23 19:22:45 +01:00
Misc: fix potential ddos when misc.last command is fed a specially-crafted regexp.
This commit is contained in:
parent
3e0375812a
commit
57884bba57
@ -43,6 +43,7 @@ import supybot.irclib as irclib
|
||||
import supybot.ircmsgs as ircmsgs
|
||||
import supybot.ircutils as ircutils
|
||||
import supybot.callbacks as callbacks
|
||||
from supybot import commands
|
||||
|
||||
from supybot.utils.iter import ifilter
|
||||
|
||||
@ -314,10 +315,27 @@ class Misc(callbacks.Plugin):
|
||||
predicates.setdefault('without', []).append(f)
|
||||
elif option == 'regexp':
|
||||
def f(m, arg=arg):
|
||||
def f1(s, arg):
|
||||
"""Since we can't enqueue match objects into the multiprocessing queue,
|
||||
we'll just wrap the function to return bools."""
|
||||
if arg.search(s) is not None:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
if ircmsgs.isAction(m):
|
||||
return arg.search(ircmsgs.unAction(m))
|
||||
m1 = ircmsgs.unAction(m)
|
||||
#return arg.search(ircmsgs.unAction(m))
|
||||
else:
|
||||
return arg.search(m.args[1])
|
||||
m1 = m.args[1]
|
||||
#return arg.search(m.args[1])
|
||||
try:
|
||||
# use a subprocess here, since specially crafted regexps can
|
||||
# take exponential time and hang up the bot.
|
||||
# timeout of 0.1 should be more than enough for any normal regexp.
|
||||
v = commands.process(f1, m1, arg, timeout=0.1, pn=self.name(), cn='last')
|
||||
return v
|
||||
except commands.ProcessTimeoutError:
|
||||
return False
|
||||
predicates.setdefault('regexp', []).append(f)
|
||||
elif option == 'nolimit':
|
||||
nolimit = True
|
||||
|
Loading…
Reference in New Issue
Block a user