-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: urcd action: commit revision: path_from: revision_from: 7438a72a9f7887b86288855cbef32d86e382db5f: path_to: revision_to:
commit 7438a72a9f7887b86288855cbef32d86e382db5f Author: root <root@d3v11.ano> Date: Sun Feb 17 16:52:51 2013 +0000 [URC][security] eliminate local DoS (check buffsize for MTU and newline for outbound, enforce MTU + newline on incoming) diff --git a/src/urcrecv.pyx b/src/urcrecv.pyx
--- a/src/urcrecv.pyx +++ b/src/urcrecv.pyx @@ -21,13 +21,14 @@ sock.setblocking(0) while 1: buffer = str() + while 1: byte = os.read(0,1) - if not byte or len(buffer)>1024: - sys.exit(0) - buffer+=byte - if byte == '\n': + if not byte: sys.exit(0) + elif byte == '\n': + buffer+=byte break + elif len(buffer)<1024: buffer+=byte time.sleep(LIMIT) diff --git a/src/urcsend.pyx b/src/urcsend.pyx
--- a/src/urcsend.pyx +++ b/src/urcsend.pyx @@ -34,8 +34,7 @@ sock.bind(str(os.getpid())) while 1: buffer, path = sock.recvfrom(1024) - if not path: - continue + if not path or buffer[len(buffer)-1:] != '\n': continue try: if not os.write(fd,buffer): diff --git a/src/urcstream.pyx b/src/urcstream.pyx
--- a/src/urcstream.pyx +++ b/src/urcstream.pyx @@ -67,14 +67,17 @@ def server_poll(): while 1: if client_poll(): + buffer = str() + while 1: byte = os.read(rd,1) - if not byte or len(buffer)>1024: - sock_close(15,0) - buffer+=byte - if byte == '\n': + if not byte: sock_close(15,0) + elif byte == '\n': + buffer+=byte break + elif len(buffer)<1024: buffer+=byte + for path in os.listdir(root): try: if path != user: @@ -84,6 +87,7 @@ while 1: while server_poll(): buffer = os.read(sd,1024) + if buffer[len(buffer)-1:] != '\n': continue try: if not os.write(wr,buffer): sock_close(15,0)
-----END OF PAGE-----
-- Response ended
-- Page fetched on Sun Jun 2 14:35:16 2024