Alias: Restore recursion limit and limit memory use

The (faulty) detection of recursive Aliases was removed in
a656fd0693, claiming that "our nesting
limit will catch issues now."  However, nested Aliases weren't actually
increasing the nesting level.

Actually increasing the nesting level when an alias is executed restores
the intended behavior.  Additionally, limiting the size of the
expanded arguments to an alias prevents exponential growth of memory
usage for certain malicious inputs/aliases.

Signed-off-by: James McCoy <vega.james@gmail.com>
This commit is contained in:
James McCoy 2014-06-09 23:48:41 -04:00
parent 7838cae3bc
commit f5df6695c0

View File

@ -1,6 +1,6 @@
### ###
# Copyright (c) 2002-2004, Jeremiah Fincher # Copyright (c) 2002-2004, Jeremiah Fincher
# Copyright (c) 2009-2010, James McCoy # Copyright (c) 2014, James McCoy
# All rights reserved. # All rights reserved.
# #
# Redistribution and use in source and binary forms, with or without # Redistribution and use in source and binary forms, with or without
@ -78,9 +78,6 @@ def getArgs(args, required=1, optional=0, wildcard=0):
class AliasError(Exception): class AliasError(Exception):
pass pass
class RecursiveAlias(AliasError):
pass
dollarRe = re.compile(r'\$(\d+)') dollarRe = re.compile(r'\$(\d+)')
def findBiggestDollar(alias): def findBiggestDollar(alias):
dollars = dollarRe.findall(alias) dollars = dollarRe.findall(alias)
@ -156,7 +153,11 @@ def makeNewAlias(name, alias):
return True return True
return False return False
everythingReplace(tokens) everythingReplace(tokens)
self.Proxy(irc, msg, tokens) # Limit memory use by constraining the size of the message being passed
# in to the alias. Also tracking nesting to avoid endless recursion.
maxLength = conf.supybot.reply.maximumLength()
tokens = [t[:maxLength] for t in tokens]
self.Proxy(irc, msg, tokens, nested=irc.nested + 1)
flexargs = '' flexargs = ''
if biggestDollar and (wildcard or biggestAt): if biggestDollar and (wildcard or biggestAt):
flexargs = ' at least' flexargs = ' at least'
@ -258,11 +259,8 @@ class Alias(callbacks.Plugin):
(currentAlias, locked, _) = self.aliases[name] (currentAlias, locked, _) = self.aliases[name]
if locked and currentAlias != alias: if locked and currentAlias != alias:
raise AliasError, format('Alias %q is locked.', name) raise AliasError, format('Alias %q is locked.', name)
try: f = makeNewAlias(name, alias)
f = makeNewAlias(name, alias) f = new.instancemethod(f, self, Alias)
f = new.instancemethod(f, self, Alias)
except RecursiveAlias:
raise AliasError, 'You can\'t define a recursive alias.'
aliasGroup = self.registryValue('aliases', value=False) aliasGroup = self.registryValue('aliases', value=False)
if name in self.aliases: if name in self.aliases:
# We gotta remove it so its value gets updated. # We gotta remove it so its value gets updated.