Enforce a message size limit

Open luk3yx opened this issue 6 years ago • 4 comments

Forces all messages to be at most 512 bytes, to stop cmd help all from the irc_commands DoSing the server (making it quit with the message RecvQ exceeded).

This is done in the core IRC mod so it limits everything rather than just irc_commands.

Credit to @bigfoot547 for finding this vulnerability.

luk3yx avatar Oct 02 '18 04:10 luk3yx

Yes, but, can we please maybe get some logging in the console as well if players want to cause floods this way? Silently dropping output may also cause unintentional side effects, so we should consider replying back with an error message and throttling the user for at least a few seconds, too.

sofar avatar Nov 03 '18 04:11 sofar

What about adding ... to the end of long messages?

PRIVMSG #channel :A really long testing messag...

luk3yx avatar Nov 05 '18 02:11 luk3yx

I'd almost favor dropping the message and sending an error to the client. That may help prevent floods.

sofar avatar Nov 05 '18 04:11 sofar

That would need a change somewhere else; there may be rogue irc.say()-s in other mods that need fixing too.

luk3yx avatar Nov 06 '18 00:11 luk3yx
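
The two options discussed in this thread (truncate with a trailing `...`, or drop the message and report it), as an added example that is not code from the irc mod or from any participant. The function names, the `policy` argument and the sample input are assumptions made for illustration; the 512-byte budget counts the trailing CRLF, and truncation backs off to a UTF-8 character boundary.

```lua
-- Added example: all names here are hypothetical, not the irc mod's API.
local MAX_LINE = 512      -- bytes per IRC line, including the trailing CRLF
local ELLIPSIS = "..."

-- Largest cut point <= limit that does not split a UTF-8 sequence.
local function utf8_safe_cut(s, limit)
    local i = math.min(limit, #s)
    while i > 0 and i < #s do
        local b = s:byte(i + 1)
        if b < 0x80 or b >= 0xC0 then break end  -- next byte starts a character
        i = i - 1
    end
    return i
end

-- Returns (line, status): status is "ok", "truncated" or "dropped".
-- policy "truncate" appends "..."; policy "drop" refuses the message so the
-- caller can log it and tell the player.
local function clamp_privmsg(target, text, policy)
    -- An IRC message is a single line: fold embedded CR/LF into spaces.
    text = text:gsub("[\r\n]+", " ")
    local prefix = "PRIVMSG " .. target .. " :"
    local budget = MAX_LINE - 2 - #prefix   -- 2 bytes reserved for CRLF
    if #text <= budget then
        return prefix .. text, "ok"
    end
    if policy == "drop" or budget < #ELLIPSIS then
        return nil, "dropped"
    end
    local cut = utf8_safe_cut(text, budget - #ELLIPSIS)
    return prefix .. text:sub(1, cut) .. ELLIPSIS, "truncated"
end

-- Constructed sample input.
local samples = {
    "short message",
    string.rep("A", 600),
    string.rep("\195\169", 300),   -- 600 bytes of two-byte UTF-8 characters
}
for _, text in ipairs(samples) do
    local line, status = clamp_privmsg("#channel", text, "truncate")
    assert(#line + 2 <= MAX_LINE)
    print(status, #line + 2)
    local dropped, why = clamp_privmsg("#channel", text, "drop")
    if not dropped then
        print("would log: message of " .. #text .. " bytes " .. why)
    end
end
```

Servers prepend the sender's prefix when relaying a message, so a sender that wants recipients to see the full text needs to reserve extra headroom below this budget.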