ocaml-irc-client icon indicating copy to clipboard operation
ocaml-irc-client copied to clipboard
verified publisher icon johnelse

No error when sending malformed messages

Open eras opened this issue 10 years ago • 0 comments

It seems that nothing in ocaml-irc has an opinion about well-formed messages. In particular, it seems to be trivially possibly to send messages with embedded newlines in them, resulting in more messages send to the IRC server than originally desired.

On the other hand it might be considered that the user of the library should take that into account, but I think defense in depth is still in order :-). I'm writing an a web-based IRC-client and at the moment I don't have any defenses of my own for the client sending this kinds of request. Perhaps I'll add them at some point, but this kind of check would benefit all who write network-accessible clients.

Things to consider (may be a non-exhaustive list): whitespace and control codes? in channels and nicks (and other invalid characters per RFC), newlines and carriage returns in messages.

eras avatar Jul 22 '15 20:07 eras