Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-02-03 02:50:07 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

drastic removal of <! from all wide string in all RsItems, from the de-serialisation code. Shoudl prevent lol bombs throughout the whole software. To be tested further

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6744 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2013-09-16 22:24:43 +00:00
parent 6dbbf83783
commit 4ee7d8bb7e
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libretroshare/src/serialiser/rstlvbase.cc
View File

@ -561,6 +561,18 @@ bool GetTlvWideString(void *data, uint32_t size, uint32_t *offset,
ok &= getRawUInt32(data, tlvend, offset, &widechar); ok &= getRawUInt32(data, tlvend, offset, &widechar);
in += widechar; in += widechar;
} }
// Check for message content. We want to avoid possible lol bombs as soon as possible.
wchar_t tmp[10];
mbstowcs(tmp, "<!", 9);
// Drop any string with "<!" or "<!"...
// TODO: check what happens with partial messages
//
if (in.find(tmp) != std::string::npos)
in = L"**** This string has been removed because it contains \"<!\" (forbidden for security reasons).****" ;
return ok; return ok;
} }