GPG: Limit number of headers fetched on old Python versions.

2024-11-26 12:49:24 +01:00 · 2016-11-22 22:15:43 +01:00 · 2016-11-22 22:15:43 +01:00 · ecf70a4de4
commit ecf70a4de4
parent 95a1f21600
1 changed files with 18 additions and 1 deletions
--- a/plugins/GPG/plugin.py
+++ b/plugins/GPG/plugin.py
@ -41,8 +41,13 @@ import supybot.ircdb as ircdb
 from supybot.commands import *
 import supybot.utils.minisix as minisix
 import supybot.plugins as plugins
+import supybot.commands as commands
 import supybot.ircutils as ircutils
 import supybot.callbacks as callbacks
+if minisix.PY3:
+    import http.client as http_client
+else:
+    import httplib as http_client
 try:
    from supybot.i18n import PluginInternationalization
    _ = PluginInternationalization('GPG')
@ -71,6 +76,18 @@ def check_gpg_available(f):
        newf.__name__ = f.__name__
        return newf

+if hasattr(http_client, '_MAXHEADERS'):
+    safe_getUrl = utils.web.getUrl
+else:
+    def safe_getUrl(url):
+        try:
+            return commands.process(utils.web.getUrl, url,
+                    timeout=10, heap_size=10*1024*1024,
+                    pn='GPG')
+        except (commands.ProcessTimeoutError, MemoryError):
+            raise utils.web.Error(_('Page is too big or the server took '
+                    'too much time to answer the request.'))
+
 class GPG(callbacks.Plugin):
    """Provides authentication based on GPG keys."""
    class key(callbacks.Commands):
@ -172,7 +189,7 @@ class GPG(callbacks.Plugin):
            Check the GPG signature at the <url> and authenticates you if
            the key used is associated to a user."""
            self._expire_tokens()
-            content = utils.web.getUrl(url)
+            content = safe_getUrl(url)
            if minisix.PY3 and isinstance(content, bytes):
                content = content.decode()
            match = self._auth_re.search(content)