Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

modified patch from AC to remove big messages from chat lobbies (likely to be a flooding attack). Displayed the name/location of the friend who relayed the message

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6742 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2013-09-16 22:00:26 +00:00
parent 81a4523434
commit cb4e28f5db
1 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
libretroshare/src/services/p3chatservice.cc
View File

@ -1078,6 +1078,43 @@ void p3ChatService::handleRecvChatAvatarItem(RsChatAvatarItem *ca)
bool p3ChatService::checkForMessageSecurity(RsChatMsgItem *ci) bool p3ChatService::checkForMessageSecurity(RsChatMsgItem *ci)
{ {
// Remove too big messages
if (ci->message.length() > 2000)
{
wchar_t tmp[300];
mbstowcs(tmp, rsPeers->getPeerName(ci->PeerId()).c_str(), 299);
ci->message = std::wstring(L"**** Security warning: Message bigger than 2000 characters, coming from id ") + tmp + L", dropped. ****";
return false;
}
// The following code has been suggested, but is kept suspended since it is a bit too much restrictive.
#ifdef SUSPENDED
// Transform message to lowercase
std::wstring mes(ci->message);
std::transform( mes.begin(), mes.end(), mes.begin(), std::towlower);
// Quick fix for svg attack and other nuisances (inline pictures)
if (mes.find(L"<img") != std::string::npos)
{
ci->message = L"**** Security warning: Message contains an . ****";
return false;
}
// Remove messages with too many line breaks
size_t pos = 0;
int count_line_breaks = 0;
while ((pos = mes.find(L"<br", pos+1)) != std::string::npos)
{
count_line_breaks++;
}
if (count_line_breaks > 50)
{
ci->message = L"**** More than 50 line breaks, dropped. ****";
return false;
}
#endif
// https://en.wikipedia.org/wiki/Billion_laughs // https://en.wikipedia.org/wiki/Billion_laughs
// This should be done for all incoming HTML messages (also in forums // This should be done for all incoming HTML messages (also in forums
// etc.) so this should be a function in some other file. // etc.) so this should be a function in some other file.
@ -1094,7 +1131,10 @@ bool p3ChatService::checkForMessageSecurity(RsChatMsgItem *ci)
std::wcout << "********** entity attack by " << ci->PeerId().c_str() << std::endl; std::wcout << "********** entity attack by " << ci->PeerId().c_str() << std::endl;
std::wcout << "**********" << std::endl; std::wcout << "**********" << std::endl;
ci->message = L"**** This message has been removed because it breaks security rules.****" ; wchar_t tmp2[300];
mbstowcs(tmp2, rsPeers->getPeerName(ci->PeerId()).c_str(), 299);
ci->message = std::wstring(L"**** This message (from peer id ") + tmp2 + L") has been removed because it contains the string \"<!\".****" ;
return false; return false;
} }
// For a future whitelist: // For a future whitelist: