From: Eric S. Raymond Date: Sat, 29 Sep 2012 15:46:57 +0000 (-0400) Subject: Prevent a simple DoS. X-Git-Tag: 1.2~10 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=784f386a3efd7ddeb63f42be1a8cd9afd34769d7;p=irker.git Prevent a simple DoS. --- diff --git a/irkerd b/irkerd index e5bf300..d249fca 100755 --- a/irkerd +++ b/irkerd @@ -18,9 +18,9 @@ developers). The -V option prints the program version and exits. Design and code by Eric S. Raymond . See the project resource page at . -Requires Python 2.6 and the irc.client library at version >= 2.0.2: see +Requires Python 2.6 and the irc client library at version >= 2.0.2: see -http://sourceforge.net/projects/python-irclib +http://pypi.python.org/pypi/irc/ """ # These things might need tuning @@ -38,7 +38,7 @@ ANTI_BUZZ_DELAY = 0.09 # Anti-buzz delay after queue-empty check # No user-serviceable parts below this line -import sys, json, getopt, urlparse, time +import sys, json, getopt, urlparse, time, random import threading, Queue, SocketServer import irc.client, logging @@ -110,7 +110,9 @@ class Connection: def handle_badnick(self): "The server says our nick has a conflict." self.irker.debug(1, "nick %s rejected" % self.nickname()) - self.nick_trial += 1 + # Randomness prevents a malicious user or bot from antcipating the + # next trial name in order to block us from completing the handshake. + self.nick_trial += random.randint(1, 3) self.connection.nick(self.nickname()) def enqueue(self, channel, message): "Enque a message for transmission."
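Review bot: In `handle_badnick` the new step `random.randint(1, 3)` picks from only three values using the default, non-cryptographic `random` generator, so the next trial nick is still one of three easily enumerated candidates and the protection the added comment describes is narrow. Because the value is meant to resist an adversary, draw it from the OS entropy source and widen the range as far as the nick template and the server's nick-length limit allow, for example `self.nick_trial += random.SystemRandom().randint(1, 3)` with a larger upper bound; `SystemRandom` is available in the Python 2.6 that the docstring requires. `nickname()` and the code that dispatches to this handler are outside the hunk, so it is not visible whether retries are bounded or delayed; if they are not, repeated rejections would drive an unthrottled retry loop, which deserves a cap and a log message operators can alert on. The added comment also has a typo, `antcipating` for `anticipating`.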