mirror of
https://github.com/weechat/weechat.git
synced 2026-07-06 17:53:13 +02:00
irc: limit size of data received from the server to prevent memory exhaustion
A malicious or compromised IRC server could send data with no end-of-line (or a flood of "005" messages), making WeeChat accumulate it in a buffer that grew without limit, until all memory was exhausted. The unterminated received message and the accumulated "005" (ISUPPORT) data are now bounded by IRC_SERVER_RECV_MSG_MAX_LENGTH and IRC_SERVER_ISUPPORT_MAX_LENGTH: extra data is ignored once the limit is reached.
This commit is contained in:
@@ -144,6 +144,15 @@ enum t_irc_server_option
|
||||
#define IRC_SERVER_MULTILINE_DEFAULT_MAX_BYTES 4096
|
||||
#define IRC_SERVER_MULTILINE_DEFAULT_MAX_LINES 24
|
||||
|
||||
/*
|
||||
* maximum length of an unterminated message (a received line without
|
||||
* end-of-line) and of the accumulated "005" (ISUPPORT) data; these limits
|
||||
* protect against a server sending a huge amount of data without end-of-line
|
||||
* (or a flood of "005" messages), which would consume all the memory
|
||||
*/
|
||||
#define IRC_SERVER_RECV_MSG_MAX_LENGTH (64 * 1024)
|
||||
#define IRC_SERVER_ISUPPORT_MAX_LENGTH (64 * 1024)
|
||||
|
||||
/* casemapping (string comparisons for nicks/channels) */
|
||||
enum t_irc_server_casemapping
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user