be more strict about parsing lines with \r and \n
This commit is contained in:
parent
6e139f6c42
commit
3d28146f7d
@ -168,19 +168,12 @@ func trimInitialSpaces(str string) string {
|
||||
}
|
||||
|
||||
func parseLine(line string, maxTagDataLength int, truncateLen int) (ircmsg IRCMessage, err error) {
|
||||
if strings.IndexByte(line, '\x00') != -1 {
|
||||
err = ErrorLineContainsBadChar
|
||||
return
|
||||
}
|
||||
|
||||
// trim to the first appearance of either '\r' or '\n':
|
||||
lineEnd := strings.IndexByte(line, '\r')
|
||||
newlineIndex := strings.IndexByte(line, '\n')
|
||||
if newlineIndex != -1 && (lineEnd == -1 || newlineIndex < lineEnd) {
|
||||
lineEnd = newlineIndex
|
||||
}
|
||||
if lineEnd != -1 {
|
||||
line = line[:lineEnd]
|
||||
// remove either \n or \r\n from the end of the line:
|
||||
line = strings.TrimSuffix(line, "\n")
|
||||
line = strings.TrimSuffix(line, "\r")
|
||||
// now validate for the 3 forbidden bytes:
|
||||
if strings.IndexByte(line, '\x00') != -1 || strings.IndexByte(line, '\n') != -1 || strings.IndexByte(line, '\r') != -1 {
|
||||
return ircmsg, ErrorLineContainsBadChar
|
||||
}
|
||||
|
||||
if len(line) < 1 {
|
||||
|
@ -71,10 +71,6 @@ var decodetests = []testcode{
|
||||
MakeMessage(nil, "", "LIST")},
|
||||
{"list ",
|
||||
MakeMessage(nil, "", "LIST")},
|
||||
{"privmsg #darwin :command injection attempt \n:Nickserv PRIVMSG user :Please re-enter your password",
|
||||
MakeMessage(nil, "", "PRIVMSG", "#darwin", "command injection attempt ")},
|
||||
{"privmsg #darwin :command injection attempt \r:Nickserv PRIVMSG user :Please re-enter your password",
|
||||
MakeMessage(nil, "", "PRIVMSG", "#darwin", "command injection attempt ")},
|
||||
{"@time=2848 :dan-!d@localhost LIST \r\n",
|
||||
MakeMessage(map[string]string{"time": "2848"}, "dan-!d@localhost", "LIST")},
|
||||
}
|
||||
@ -87,11 +83,11 @@ type testparseerror struct {
|
||||
var decodetesterrors = []testparseerror{
|
||||
{"", ErrorLineIsEmpty},
|
||||
{"\r\n", ErrorLineIsEmpty},
|
||||
{"\r\n ", ErrorLineIsEmpty},
|
||||
{"\r\n ", ErrorLineIsEmpty},
|
||||
{"\r\n ", ErrorLineContainsBadChar},
|
||||
{"\r\n ", ErrorLineContainsBadChar},
|
||||
{" \r\n", ErrorLineIsEmpty},
|
||||
{" \r\n ", ErrorLineIsEmpty},
|
||||
{" \r\n ", ErrorLineIsEmpty},
|
||||
{" \r\n ", ErrorLineContainsBadChar},
|
||||
{" \r\n ", ErrorLineContainsBadChar},
|
||||
{"@tags=tesa\r\n", ErrorLineIsEmpty},
|
||||
{"@tags=tested \r\n", ErrorLineIsEmpty},
|
||||
{":dan- \r\n", ErrorLineIsEmpty},
|
||||
@ -100,6 +96,8 @@ var decodetesterrors = []testparseerror{
|
||||
{"@tag1=1;tag2=2 :dan \r\n", ErrorLineIsEmpty},
|
||||
{"@tag1=1;tag2=2\x00 :dan \r\n", ErrorLineContainsBadChar},
|
||||
{"@tag1=1;tag2=2\x00 :shivaram PRIVMSG #channel hi\r\n", ErrorLineContainsBadChar},
|
||||
{"privmsg #channel :command injection attempt \n:Nickserv PRIVMSG user :Please re-enter your password", ErrorLineContainsBadChar},
|
||||
{"privmsg #channel :command injection attempt \r:Nickserv PRIVMSG user :Please re-enter your password", ErrorLineContainsBadChar},
|
||||
}
|
||||
|
||||
func TestDecode(t *testing.T) {
|
||||
|
Loading…
Reference in New Issue
Block a user