mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-01 23:46:37 +02:00
36baf946a3
Add a little fake lag based on history result: 400ms for 50 lines under normal conditions where 50 lines = 50 lines. But this can go up to 5000ms for worst-case amplification attacks where requesting 50 lines actually returns 50*15=750 lines when each line is a multiline with max-lines, which gets you close to 350k+. This would only happen if someone on the channel is doing evil stuff (with presumably consent of the ops).

Also guard against hitting max sendq. If we are too close, then we reject the CHATHISTORY request rather than quitting with "Max SendQ exceeded". This protects against an attack where someone would be tricked into joining a channel with amplified history (as explained in previous paragraph), their client would do an automatic CHATHISTORY request and then the victim would exceed max sendq and thus be killed.

And yes, this and maaaaany other multiline + history interactions and many "buts" and security/flood concerns are why this implementation took (and still takes) a lot of hours to get right :D.
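The two guards described in the commit message, sketched as an added C example that is not UnrealIRCd's code: an admission check that rejects a history reply that would not fit in the client's sendq, and a fake-lag value scaled by the lines actually returned. The struct, function names, the `reserve` parameter and the linear scaling are assumptions; only the 50-line, 400ms and 5000ms figures come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Figures from the commit message; the names and the linear scaling are assumptions. */
#define BASE_LINES   50    /* lines in a normal reply */
#define BASE_LAG_MS  400   /* fake lag for BASE_LINES lines */
#define MAX_LAG_MS   5000  /* ceiling for amplified replies */

/* Hypothetical per-client output state, not UnrealIRCd's struct. */
struct client_out {
    size_t sendq_used;  /* bytes already queued to the client */
    size_t sendq_max;   /* limit at which the server drops the client */
};

enum history_verdict { HISTORY_SEND, HISTORY_REJECT };

/* Decide before queueing anything: reject when the reply would leave
 * fewer than `reserve` bytes of sendq free. */
enum history_verdict history_admit(const struct client_out *c,
                                   size_t reply_bytes, size_t reserve)
{
    if (c->sendq_used >= c->sendq_max)
        return HISTORY_REJECT;
    size_t free_bytes = c->sendq_max - c->sendq_used;
    if (reserve >= free_bytes || reply_bytes > free_bytes - reserve)
        return HISTORY_REJECT;
    return HISTORY_SEND;
}

/* Lag grows with the lines actually returned (multiline expansion
 * included), clamped so lines * BASE_LAG_MS cannot overflow. */
unsigned history_fake_lag_ms(size_t lines_sent)
{
    if (lines_sent >= (size_t)MAX_LAG_MS * BASE_LINES / BASE_LAG_MS)
        return MAX_LAG_MS;
    return (unsigned)(lines_sent * BASE_LAG_MS / BASE_LINES);
}

int main(void)
{
    /* Constructed values: 100 kB queued, 500 kB limit, 64 kB reserve. */
    struct client_out c = { 100000, 500000 };
    printf("350000-byte reply: %s\n",
           history_admit(&c, 350000, 65536) == HISTORY_SEND ? "send" : "reject");
    printf("lag for 50 lines: %u ms, for 750 lines: %u ms\n",
           history_fake_lag_ms(50), history_fake_lag_ms(750));
    return 0;
}
```

Checking the projected size before queueing means a tricked client gets a failed request instead of a disconnect.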