be more strict about parsing lines with \r and \n

2021-02-22 18:29:21 -05:00 · 2021-02-22 18:29:21 -05:00 · 3d28146f7d
commit 3d28146f7d
parent 6e139f6c42
2 changed files with 12 additions and 21 deletions
--- a/ircmsg/message.go
+++ b/ircmsg/message.go
@ -168,19 +168,12 @@ func trimInitialSpaces(str string) string {
 }

 func parseLine(line string, maxTagDataLength int, truncateLen int) (ircmsg IRCMessage, err error) {
-	if strings.IndexByte(line, '\x00') != -1 {
-		err = ErrorLineContainsBadChar
-		return
-	}
-
-	// trim to the first appearance of either '\r' or '\n':
-	lineEnd := strings.IndexByte(line, '\r')
-	newlineIndex := strings.IndexByte(line, '\n')
-	if newlineIndex != -1 && (lineEnd == -1 || newlineIndex < lineEnd) {
-		lineEnd = newlineIndex
-	}
-	if lineEnd != -1 {
-		line = line[:lineEnd]
+	// remove either \n or \r\n from the end of the line:
+	line = strings.TrimSuffix(line, "\n")
+	line = strings.TrimSuffix(line, "\r")
+	// now validate for the 3 forbidden bytes:
+	if strings.IndexByte(line, '\x00') != -1 || strings.IndexByte(line, '\n') != -1 || strings.IndexByte(line, '\r') != -1 {
+		return ircmsg, ErrorLineContainsBadChar
 	}

 	if len(line) < 1 {
--- a/ircmsg/message_test.go
+++ b/ircmsg/message_test.go
@ -71,10 +71,6 @@ var decodetests = []testcode{
 		MakeMessage(nil, "", "LIST")},
 	{"list  ",
 		MakeMessage(nil, "", "LIST")},
-	{"privmsg #darwin :command injection attempt \n:Nickserv PRIVMSG user :Please re-enter your password",
-		MakeMessage(nil, "", "PRIVMSG", "#darwin", "command injection attempt ")},
-	{"privmsg #darwin :command injection attempt \r:Nickserv PRIVMSG user :Please re-enter your password",
-		MakeMessage(nil, "", "PRIVMSG", "#darwin", "command injection attempt ")},
 	{"@time=2848  :dan-!d@localhost  LIST \r\n",
 		MakeMessage(map[string]string{"time": "2848"}, "dan-!d@localhost", "LIST")},
 }
@ -87,11 +83,11 @@ type testparseerror struct {
 var decodetesterrors = []testparseerror{
 	{"", ErrorLineIsEmpty},
 	{"\r\n", ErrorLineIsEmpty},
-	{"\r\n    ", ErrorLineIsEmpty},
-	{"\r\n ", ErrorLineIsEmpty},
+	{"\r\n    ", ErrorLineContainsBadChar},
+	{"\r\n ", ErrorLineContainsBadChar},
 	{" \r\n", ErrorLineIsEmpty},
-	{" \r\n ", ErrorLineIsEmpty},
-	{"     \r\n  ", ErrorLineIsEmpty},
+	{" \r\n ", ErrorLineContainsBadChar},
+	{"     \r\n  ", ErrorLineContainsBadChar},
 	{"@tags=tesa\r\n", ErrorLineIsEmpty},
 	{"@tags=tested  \r\n", ErrorLineIsEmpty},
 	{":dan-   \r\n", ErrorLineIsEmpty},
@ -100,6 +96,8 @@ var decodetesterrors = []testparseerror{
 	{"@tag1=1;tag2=2 :dan      \r\n", ErrorLineIsEmpty},
 	{"@tag1=1;tag2=2\x00 :dan      \r\n", ErrorLineContainsBadChar},
 	{"@tag1=1;tag2=2\x00 :shivaram PRIVMSG #channel  hi\r\n", ErrorLineContainsBadChar},
+	{"privmsg #channel :command injection attempt \n:Nickserv PRIVMSG user :Please re-enter your password", ErrorLineContainsBadChar},
+	{"privmsg #channel :command injection attempt \r:Nickserv PRIVMSG user :Please re-enter your password", ErrorLineContainsBadChar},
 }

 func TestDecode(t *testing.T) {