Some anti-DOS protection.
authorEric S. Raymond <esr@thyrsus.com>
Mon, 1 Oct 2012 22:51:10 +0000 (18:51 -0400)
committerEric S. Raymond <esr@thyrsus.com>
Mon, 1 Oct 2012 22:51:10 +0000 (18:51 -0400)
irkerd

diff --git a/irkerd b/irkerd
index 1b85e006ffb3c69011e77076e88e765fbf1a2daa..9207ae1dec7cea20df3b60f9e96264e073884af8 100755 (executable)
--- a/irkerd
+++ b/irkerd
@@ -363,6 +363,11 @@ class Irker:
     def handle(self, line):
         "Perform a JSON relay request."
         try:
+            # Without this guard, a line consisting of a thousand '[' chars
+            # can crash irker by inducing the JSON parser to blow Python's
+            # recursion stack. 
+            if line.count("[") > 256 or line.count("{") > 256:
+                raise ValueError
             request = json.loads(line.strip())
             if type(request) != type({}):
                 self.logerr("request in tot a JSON dictionary: %s" % repr(request))
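Review bot: The guard `if line.count("[") > 256 or line.count("{") > 256:` counts every bracket in the request, not nesting depth, so a legitimate request whose message text contains more than 256 `[` or `{` characters is rejected along with the hostile one. It also raises a bare `ValueError`, which the handler for this `try` (outside the hunk) presumably cannot tell apart from an ordinary JSON syntax error; `raise ValueError("request exceeds bracket limit")` would make the rejection identifiable in the logs. A more precise defence is to let `json.loads` run and catch the interpreter's recursion-depth exception next to `ValueError`, presumably `RuntimeError` on the Python version in use here, which removes the false positives. The length of `line` is still unbounded when the two `count` scans and the parse run, so a size cap before this point is worth adding if the socket reader does not already enforce one.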