From: skodak <skodak>
Date: Sun, 6 Feb 2005 10:06:25 +0000 (+0000)
Subject: detection of oversized requests from clients
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=982449512749afcbba8085f7e7fef14525474f89;p=moodle.git

detection of oversized requests from clients
---

diff --git a/mod/chat/chatd.php b/mod/chat/chatd.php
index ca70b4303c..f295b99bed 100755
--- a/mod/chat/chatd.php
+++ b/mod/chat/chatd.php
@@ -973,11 +973,17 @@ while(true) {
             if($changed > 0) {
                 // Let's see what it has to say
 
-                $data = socket_read($handle, 2048); // should be more to prevent empty pages and repeated messages!!
+                $data = socket_read($handle, 2048); // should be more than 512 to prevent empty pages and repeated messages!!
                 if(empty($data)) {
                     continue;
                 }
 
+                if (strlen($data) == 2048) { // socket_read has more data, ignore all data
+                    $DAEMON->trace('UFO with '.$handle.': Data too long; connection closed', E_USER_WARNING);
+                    $DAEMON->dismiss_ufo($handle, true, 'Data too long; connection closed');
+                    continue;
+                }
+
                 if(!ereg('win=(chat|users|message|beep).*&chat_sid=([a-zA-Z0-9]*)&groupid=([0-9]*) HTTP', $data, $info)) {
                     // Malformed data
                     $DAEMON->trace('UFO with '.$handle.': Request with malformed data; connection closed', E_USER_WARNING);