From 982449512749afcbba8085f7e7fef14525474f89 Mon Sep 17 00:00:00 2001 From: skodak Date: Sun, 6 Feb 2005 10:06:25 +0000 Subject: [PATCH] detection of oversized requests from clients --- mod/chat/chatd.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mod/chat/chatd.php b/mod/chat/chatd.php index ca70b4303c..f295b99bed 100755 --- a/mod/chat/chatd.php +++ b/mod/chat/chatd.php @@ -973,11 +973,17 @@ while(true) { if($changed > 0) { // Let's see what it has to say - $data = socket_read($handle, 2048); // should be more to prevent empty pages and repeated messages!! + $data = socket_read($handle, 2048); // should be more than 512 to prevent empty pages and repeated messages!! if(empty($data)) { continue; } + if (strlen($data) == 2048) { // socket_read has more data, ignore all data + $DAEMON->trace('UFO with '.$handle.': Data too long; connection closed', E_USER_WARNING); + $DAEMON->dismiss_ufo($handle, true, 'Data too long; connection closed'); + continue; + } + if(!ereg('win=(chat|users|message|beep).*&chat_sid=([a-zA-Z0-9]*)&groupid=([0-9]*) HTTP', $data, $info)) { // Malformed data $DAEMON->trace('UFO with '.$handle.': Request with malformed data; connection closed', E_USER_WARNING); -- 2.39.5