detection of oversized requests from clients

diff --git a/mod/chat/chatd.php b/mod/chat/chatd.php
index ca70b4303cc05b4eb149240dea933f8cdcd0e22a..f295b99bed2cb8649b4883d193832ef507380ae4 100755 (executable)
--- a/mod/chat/chatd.php
+++ b/mod/chat/chatd.php
@@ -973,11 +973,17 @@ while(true) {
             if($changed > 0) {
                 // Let's see what it has to say
 
-                $data = socket_read($handle, 2048); // should be more to prevent empty pages and repeated messages!!
+                $data = socket_read($handle, 2048); // should be more than 512 to prevent empty pages and repeated messages!!
                 if(empty($data)) {
                     continue;
                 }
 
+                if (strlen($data) == 2048) { // socket_read has more data, ignore all data
+                    $DAEMON->trace('UFO with '.$handle.': Data too long; connection closed', E_USER_WARNING);
+                    $DAEMON->dismiss_ufo($handle, true, 'Data too long; connection closed');
+                    continue;
+                }
+
                 if(!ereg('win=(chat|users|message|beep).*&chat_sid=([a-zA-Z0-9]*)&groupid=([0-9]*) HTTP', $data, $info)) {
                     // Malformed data
                     $DAEMON->trace('UFO with '.$handle.': Request with malformed data; connection closed', E_USER_WARNING);