Mikaela/Limnoria
1
0
Fork 0
mirror of https://github.com/Mikaela/Limnoria.git synced 2024-10-14 17:59:29 +02:00
Code Issues Projects Releases Wiki Activity

Misc: Security fix to @last: time-consuming could freeze the bot. Closes GH-157.

Browse Source
This commit is contained in:
Valentin Lorentz 2011-08-12 18:51:40 +02:00
parent 8d6ce790e8
commit d85cbd256b
2 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/Misc/plugin.py
View File

@ -47,6 +47,9 @@ from supybot.utils.iter import ifilter
from supybot.i18n import PluginInternationalization, internationalizeDocstring from supybot.i18n import PluginInternationalization, internationalizeDocstring
_ = PluginInternationalization('Misc') _ = PluginInternationalization('Misc')
class RegexpTimeout(Exception):
pass
class Misc(callbacks.Plugin): class Misc(callbacks.Plugin):
def __init__(self, irc): def __init__(self, irc):
self.__parent = super(Misc, self) self.__parent = super(Misc, self)
@ -332,10 +335,14 @@ class Misc(callbacks.Plugin):
predicates.setdefault('without', []).append(f) predicates.setdefault('without', []).append(f)
elif option == 'regexp': elif option == 'regexp':
def f(m, arg=arg): def f(m, arg=arg):
startedOn = time.time()
if ircmsgs.isAction(m): if ircmsgs.isAction(m):
return arg.search(ircmsgs.unAction(m)) return_ = arg.search(ircmsgs.unAction(m))
else: else:
return arg.search(m.args[1]) return_ = arg.search(m.args[1])
if startedOn + 0.0001 < time.time():
raise RegexpTimeout()
return return_
predicates.setdefault('regexp', []).append(f) predicates.setdefault('regexp', []).append(f)
elif option == 'nolimit': elif option == 'nolimit':
nolimit = True nolimit = True
@ -370,8 +377,12 @@ class Misc(callbacks.Plugin):
showNick = True showNick = True
for m in iterable: for m in iterable:
for predicate in predicates: for predicate in predicates:
if not predicate(m): try:
break if not predicate(m):
break
except RegexpTimeout:
irc.error(_('The regular expression timed out.'))
return
else: else:
if nolimit: if nolimit:
resp.append(ircmsgs.prettyPrint(m, resp.append(ircmsgs.prettyPrint(m,

2
src/version.py
View File

@ -1,3 +1,3 @@
"""stick the various versioning attributes in here, so we only have to change """stick the various versioning attributes in here, so we only have to change
them once.""" them once."""
version = '0.83.4.1+limnoria (2011-08-12T13:07:40+0200)' version = '0.83.4.1+limnoria (2011-08-12T18:51:40+0200)'