mirror of
https://github.com/Mikaela/Limnoria.git
synced 2025-01-25 19:44:13 +01:00
Misc: fix potential ddos when misc.last command is fed a specially-crafted regexp.
Conflicts: plugins/Misc/plugin.py
This commit is contained in:
Daniel Folkinshteyn
Valentin Lorentz
parent
91ac1c2179
commit
e11dc28025
@ -43,6 +43,8 @@ import supybot.irclib as irclib
|
|||||||
import supybot.ircmsgs as ircmsgs
|
import supybot.ircmsgs as ircmsgs
|
||||||
import supybot.ircutils as ircutils
|
import supybot.ircutils as ircutils
|
||||||
import supybot.callbacks as callbacks
|
import supybot.callbacks as callbacks
|
||||||
|
from supybot import commands
|
||||||
|
|
||||||
from supybot.utils.iter import ifilter
|
from supybot.utils.iter import ifilter
|
||||||
from supybot.i18n import PluginInternationalization, internationalizeDocstring
|
from supybot.i18n import PluginInternationalization, internationalizeDocstring
|
||||||
_ = PluginInternationalization('Misc')
|
_ = PluginInternationalization('Misc')
|
||||||
@ -335,14 +337,27 @@ class Misc(callbacks.Plugin):
|
|||||||
predicates.setdefault('without', []).append(f)
|
predicates.setdefault('without', []).append(f)
|
||||||
elif option == 'regexp':
|
elif option == 'regexp':
|
||||||
def f(m, arg=arg):
|
def f(m, arg=arg):
|
||||||
startedOn = time.time()
|
def f1(s, arg):
|
||||||
if ircmsgs.isAction(m):
|
"""Since we can't enqueue match objects into the multiprocessing queue,
|
||||||
return_ = arg.search(ircmsgs.unAction(m))
|
we'll just wrap the function to return bools."""
|
||||||
|
if arg.search(s) is not None:
|
||||||
|
return True
|
||||||
else:
|
else:
|
||||||
return_ = arg.search(m.args[1])
|
return False
|
||||||
if startedOn + 0.0001 < time.time():
|
if ircmsgs.isAction(m):
|
||||||
raise RegexpTimeout()
|
m1 = ircmsgs.unAction(m)
|
||||||
return return_
|
#return arg.search(ircmsgs.unAction(m))
|
||||||
|
else:
|
||||||
|
m1 = m.args[1]
|
||||||
|
#return arg.search(m.args[1])
|
||||||
|
try:
|
||||||
|
# use a subprocess here, since specially crafted regexps can
|
||||||
|
# take exponential time and hang up the bot.
|
||||||
|
# timeout of 0.1 should be more than enough for any normal regexp.
|
||||||
|
v = commands.process(f1, m1, arg, timeout=0.1, pn=self.name(), cn='last')
|
||||||
|
return v
|
||||||
|
except commands.ProcessTimeoutError:
|
||||||
|
return False
|
||||||
predicates.setdefault('regexp', []).append(f)
|
predicates.setdefault('regexp', []).append(f)
|
||||||
elif option == 'nolimit':
|
elif option == 'nolimit':
|
||||||
nolimit = True
|
nolimit = True
|
||||||
|
|||||||
@ -1,3 +1,3 @@
|
|||||||
"""stick the various versioning attributes in here, so we only have to change
|
"""stick the various versioning attributes in here, so we only have to change
|
||||||
them once."""
|
them once."""
|
||||||
version = '0.83.4.1+limnoria (2011-08-13T01:55:24+0200)'
|
version = '0.83.4.1+limnoria (2011-08-13T01:56:21+0200)'
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user