From 3865c14583c7e1bc6a533a673661a5743a4b18e9 Mon Sep 17 00:00:00 2001
From: csoler <retroshare.project@gmail.com>
Date: Thu, 8 Aug 2013 09:55:19 +0000
Subject: [PATCH] modified patch from AC to remove messages with security
 issues (e.g. Billion Laughs bomb). The message is replaced by a warning, and
 is not forwarded

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6562 b45a01b8-16f6-495d-af2f-9b41ad6348cc
---
 libretroshare/src/services/p3chatservice.cc | 36 +++++++++++++++++++--
 libretroshare/src/services/p3chatservice.h  |  6 ++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/libretroshare/src/services/p3chatservice.cc b/libretroshare/src/services/p3chatservice.cc
index 1da00ca6a..373249e34 100644
--- a/libretroshare/src/services/p3chatservice.cc
+++ b/libretroshare/src/services/p3chatservice.cc
@@ -1060,8 +1060,39 @@ void p3ChatService::handleRecvChatAvatarItem(RsChatAvatarItem *ca)
 	rsicontrol->getNotify().notifyPeerHasNewAvatar(ca->PeerId()) ;
 }
 
+bool p3ChatService::checkForMessageSecurity(RsChatMsgItem *ci)
+{
+	// https://en.wikipedia.org/wiki/Billion_laughs
+	// This should be done for all incoming HTML messages (also in forums
+	// etc.) so this should be a function in some other file.
+	wchar_t tmp[10];
+	mbstowcs(tmp, "<!", 9);
+
+	if (ci->message.find(tmp) != std::string::npos)
+	{
+		// Drop any message with "<!doctype" or "<!entity"...
+		// TODO: check what happens with partial messages
+		//
+		std::wcout << "handleRecvChatMsgItem: " << ci->message << std::endl;
+		std::wcout << "**********" << std::endl;
+		std::wcout << "********** entity attack by " << ci->PeerId().c_str() << std::endl;
+		std::wcout << "**********" << std::endl;
+
+		ci->message = L"**** This message has been removed because it breaks security rules.****" ;
+		return false;
+	}
+	// For a future whitelist:
+	// things to be kept:
+	// <span> <img src="data:image/png;base64,... />
+	// <a href="retroshare://…>…</a>
+	
+	return true ;
+}
+
 bool p3ChatService::handleRecvChatMsgItem(RsChatMsgItem *ci)
 {
+	bool message_is_secure = checkForMessageSecurity(ci) ;
+
 	bool publicChanged = false;
 	bool privateChanged = false;
 
@@ -1098,8 +1129,9 @@ bool p3ChatService::handleRecvChatMsgItem(RsChatMsgItem *ci)
 			std::cerr << std::endl;
 			return false ;
 		}
-		if(!bounceLobbyObject(cli,cli->PeerId()))	// forwards the message to friends, keeps track of subscribers, etc.
-			return false;
+		if(message_is_secure)								// never bounce bad messages
+			if(!bounceLobbyObject(cli,cli->PeerId()))	// forwards the message to friends, keeps track of subscribers, etc.
+				return false;
 
 		// setup the peer id to the virtual peer id of the lobby.
 		//
diff --git a/libretroshare/src/services/p3chatservice.h b/libretroshare/src/services/p3chatservice.h
index 8fbd6e750..9abb50b1a 100644
--- a/libretroshare/src/services/p3chatservice.h
+++ b/libretroshare/src/services/p3chatservice.h
@@ -152,6 +152,12 @@ class p3ChatService: public p3Service, public p3Config, public pqiMonitor, publi
 		 */
 		bool getPrivateChatQueue(bool incoming, const std::string &id, std::list<ChatInfo> &chats);
 
+		/*!
+		 * Checks message security, especially remove billion laughs attacks
+		 */
+
+		static bool checkForMessageSecurity(RsChatMsgItem *) ;
+
 		/*!
 		 * @param clear private chat queue
 		 */