From d85cbd256bcdb5fc449f4253137910ab0aee3da0 Mon Sep 17 00:00:00 2001
From: Valentin Lorentz
Date: Fri, 12 Aug 2011 18:51:40 +0200
Subject: [PATCH] Misc: Security fix to @last: time-consuming could freeze the bot. Closes GH-157.
---
 plugins/Misc/plugin.py | 19 +++++++++++++++----
 src/version.py | 2 +-
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/plugins/Misc/plugin.py b/plugins/Misc/plugin.py
index 08623811e..910bad367 100644
--- a/plugins/Misc/plugin.py
+++ b/plugins/Misc/plugin.py
@@ -47,6 +47,9 @@ from supybot.utils.iter import ifilter
 from supybot.i18n import PluginInternationalization, internationalizeDocstring
 _ = PluginInternationalization('Misc')
+class RegexpTimeout(Exception):
+ pass
+
 class Misc(callbacks.Plugin):
 def __init__(self, irc):
 self.__parent = super(Misc, self)
@@ -332,10 +335,14 @@ class Misc(callbacks.Plugin):
 predicates.setdefault('without', []).append(f)
 elif option == 'regexp':
 def f(m, arg=arg):
+ startedOn = time.time()
 if ircmsgs.isAction(m):
- return arg.search(ircmsgs.unAction(m))
+ return_ = arg.search(ircmsgs.unAction(m))
 else:
- return arg.search(m.args[1])
+ return_ = arg.search(m.args[1])
+ if startedOn + 0.0001 < time.time():
+ raise RegexpTimeout()
+ return return_
 predicates.setdefault('regexp', []).append(f)
 elif option == 'nolimit':
 nolimit = True
@@ -370,8 +377,12 @@ class Misc(callbacks.Plugin):
 showNick = True
 for m in iterable:
 for predicate in predicates:
- if not predicate(m):
- break
+ try:
+ if not predicate(m):
+ break
+ except RegexpTimeout:
+ irc.error(_('The regular expression timed out.'))
+ return
 else:
 if nolimit:
 resp.append(ircmsgs.prettyPrint(m,
diff --git a/src/version.py b/src/version.py
index fea00c0d4..c61e38303 100644
--- a/src/version.py
+++ b/src/version.py
@@ -1,3 +1,3 @@
 """stick the various versioning attributes in here, so we only have to change them once."""
-version = '0.83.4.1+limnoria (2011-08-12T13:07:40+0200)'
+version = '0.83.4.1+limnoria (2011-08-12T18:51:40+0200)'
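Review bot: `RegexpTimeout` in plugins/Misc/plugin.py (hunk at line 47) has no docstring, and its name suggests that a running match gets interrupted, which the code raising it in the later hunk does not do. I would replace `pass` with a docstring such as `"""Raised after a regexp predicate of @last took longer than the allowed time; the match itself has already finished."""` so that later callers do not assume pre-emption.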
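Review bot: In the `regexp` predicate `f` (plugins/Misc/plugin.py, hunk at line 332) the elapsed-time test runs only after `arg.search(...)` has returned, so one slow match against one message still blocks the bot for its full duration; the check only stops the scan from moving on to later messages. Bounding a single match needs the search to run somewhere it can be abandoned, for example a worker process that is terminated when the budget expires; until that exists I would state the limit in a comment, `# checked after search() returns: ends the scan, cannot interrupt a slow match`. The budget is also a bare `0.0001` seconds measured with wall-clock `time.time()`, so a loaded host or a clock adjustment can report a timeout for a harmless pattern; a named constant or configuration value with a less tight limit would be safer. The enclosing method starts and ends outside the hunk, so I cannot see whether `time` is imported in this module.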
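Review bot: The `except RegexpTimeout` branch in the message loop (plugins/Misc/plugin.py, hunk at line 370) reports the timeout to IRC but records nothing, so repeated requests with expensive patterns leave no trace for the bot's operator. Assuming the enclosing command method, which starts outside the hunk, has the usual `msg` parameter, a line such as `self.log.warning('@last regexp timed out, requested by %s', msg.prefix)` before `irc.error(...)` would make such requests visible in the log. The `try` also wraps every predicate although only the regexp one raises this exception, which is harmless but worth a short comment.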