From 3eab6d6140339c682a55f9c15c608427c23a74d4 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Thu, 17 Nov 2016 05:49:53 +0100 Subject: [PATCH] spend less cpu on http attacks, bidi tweak, stop smtp-out --- world/net/http/server.c | 26 ++++++++++++++++---------- world/net/include/net.h | 2 +- world/net/jabber/common.c | 2 +- world/net/jabber/gateway.c | 6 ++++-- world/net/smtp/outgoing.c | 5 +++++ world/net/tn/server.c | 2 +- world/net/usercmd.i | 4 +++- 7 files changed, 31 insertions(+), 16 deletions(-) diff --git a/world/net/http/server.c b/world/net/http/server.c index 96d50c0..8e8ca3a 100644 --- a/world/net/http/server.c +++ b/world/net/http/server.c @@ -113,12 +113,7 @@ process_header() { } parse_request(input) { - P2(("=== HTTP got: %O from %O\n", input, query_ip_name(ME))) - - // reset state. in case we support HTTP/1.1. do we? - method = item = url = prot = qs = 0; - headers = ([]); - body = ""; + P0(("=== HTTP got: %O from %O\n", input, query_ip_name(ME))) if (!input || input=="") { // should return error? @@ -126,9 +121,14 @@ parse_request(input) { // lets just ignore the empty line return 1; } + // reset state. in case we support HTTP/1.1. do we? + method = item = url = prot = qs = 0; + headers = ([]); + body = ""; + input = explode(input, " "); switch(sizeof(input)) { - default: + case 3: prot = input[2]; next_input_to(#'parse_header); case 2: @@ -140,12 +140,18 @@ parse_request(input) { unless (sscanf(url, "%s?%s", item, qs)) item = url; method = lower_case(input[0]); break; - case 1: - // should return error! - quit(); + default: + http_error(prot, R_BADREQUEST, + "invalid "+HTTP_SVERS+" request"); + quit(); return 1; } P4(("=== HTTP user requested url: %O\n", url)) if (method == "connect") next_input_to(#'parse_wait); + else if (!sizeof(url) || url[0] != '/') { + http_error(prot, R_BADREQUEST, + "invalid "+HTTP_SVERS+" request"); + quit(); return 1; + } else if (!prot) process(); // HTTP/0.9 has no headers else next_input_to(#'parse_header); } diff --git a/world/net/include/net.h b/world/net/include/net.h index 87d337a..a9162cd 100644 --- a/world/net/include/net.h +++ b/world/net/include/net.h @@ -224,7 +224,7 @@ # define PERSISTENT_MASTERS # define NEW_RENDER # define MUCSUC -# define XMPP_BIDI +//# define XMPP_BIDI #endif #define GAMMA // code that has left BETA and is in production use diff --git a/world/net/jabber/common.c b/world/net/jabber/common.c index 877e82a..830dcb9 100644 --- a/world/net/jabber/common.c +++ b/world/net/jabber/common.c @@ -51,7 +51,7 @@ int emit(string message) { string t, err; // according to http://www.w3.org/TR/xml/#charsets // remove illegal unicode chars --// thx elmex - err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog); + err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog); if (err || t != message) { // Info: Chars filtered to %O. Message was %O. log_file("CHARS_XMPP", "[%s] %O %O %O\n", ctime(), diff --git a/world/net/jabber/gateway.c b/world/net/jabber/gateway.c index a4ae72e..9c4b275 100644 --- a/world/net/jabber/gateway.c +++ b/world/net/jabber/gateway.c @@ -145,7 +145,8 @@ verify_connection(string to, string from, string type) { sAuthenticated(from); #ifdef XMPP_BIDI if (bidi) { - P0(("doing register target for xmpp bidi!!!!\n")) + P0(("doing register target for xmpp bidi (2)!!!!\n")) + P0(("register_target(XMPP + %O)\n", from)) register_target(XMPP + from); } #endif @@ -423,7 +424,8 @@ jabberMsg(XMLNode node) { while (remove_call_out(#'quit) != -1); #ifdef XMPP_BIDI if (bidi) { - P0(("doing register target for xmpp bidi!!!!\n")) + P0(("doing register target for xmpp bidi (1)!!!!\n")) + P0(("register_target(XMPP + %O)\n", t)) register_target(XMPP + t); } #endif diff --git a/world/net/smtp/outgoing.c b/world/net/smtp/outgoing.c index e2c08c3..88c3796 100644 --- a/world/net/smtp/outgoing.c +++ b/world/net/smtp/outgoing.c @@ -1,5 +1,10 @@ // outgoing mail queue for psyced. +// this has not only been leaking message contents.. +// it is currently spamming previous room visitors (see /route) FIXME!! +// so we disable it completely for now +#define OFFLINE + // i *could* rewrite this to use net/spool.c // but then i'd have such a mess in my room diff --git a/world/net/tn/server.c b/world/net/tn/server.c index 71a772f..9ab1492 100644 --- a/world/net/tn/server.c +++ b/world/net/tn/server.c @@ -10,7 +10,7 @@ qScheme() { return "tn"; } human(x) { x = lower_case(x); - unless (abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes")) { + if (!strlen(x) || !(abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes"))) { emit("\nSorry, no other species welcome currently.\n\n"); } // now check limits diff --git a/world/net/usercmd.i b/world/net/usercmd.i index 236bc37..839d18e 100644 --- a/world/net/usercmd.i +++ b/world/net/usercmd.i @@ -2035,7 +2035,9 @@ tell(pal, what, palo, how, mc, tv) { #ifdef MUDLINK if (pal == "$mud") { unless (objectp(mudlink) && interactive(mudlink)) mudlink(v("mudlink")); - if (objectp(mudlink)) mudlink -> send(what +"\n"); + // we could call 'enqueue' if not interactive yet, but that would + // probably be even worse for UX. let's just drop that trigger message. + if (objectp(mudlink) && interactive(mudlink)) mudlink -> send(what +"\n"); return; } #endif // MUDLINK