spend less cpu on http attacks, bidi tweak, stop smtp-out

2024-11-08 11:31:01 +00:00 · 2016-11-17 05:49:53 +01:00 · 2016-11-17 05:49:53 +01:00 · 3eab6d6140
commit 3eab6d6140
parent c5ce025488
7 changed files with 31 additions and 16 deletions
--- a/world/net/http/server.c
+++ b/world/net/http/server.c
@ -113,12 +113,7 @@ process_header() {
 }

 parse_request(input) {
-	P2(("=== HTTP got: %O from %O\n", input, query_ip_name(ME)))
-
-	// reset state. in case we support HTTP/1.1. do we?
-        method = item = url = prot = qs = 0;
-        headers = ([]);
-	body = "";
+	P0(("=== HTTP got: %O from %O\n", input, query_ip_name(ME)))

        if (!input || input=="") {
                // should return error?
@ -126,9 +121,14 @@ parse_request(input) {
 	    	// lets just ignore the empty line
                return 1;
        }
+	// reset state. in case we support HTTP/1.1. do we?
+        method = item = url = prot = qs = 0;
+        headers = ([]);
+	body = "";
+
 	input = explode(input, " ");
 	switch(sizeof(input)) {
-	default:
+	case 3:
 		prot = input[2];
 		next_input_to(#'parse_header);
 	case 2:
@ -140,12 +140,18 @@ parse_request(input) {
 		unless (sscanf(url, "%s?%s", item, qs)) item = url;
 		method = lower_case(input[0]);
 		break;
-	case 1:
-                // should return error!
-		quit();
+	default:
+		http_error(prot, R_BADREQUEST,
+		    "invalid "+HTTP_SVERS+" request");
+		quit(); return 1;
 	}
 	P4(("=== HTTP user requested url: %O\n", url))
 	if (method == "connect") next_input_to(#'parse_wait);
+	else if (!sizeof(url) || url[0] != '/') {
+		http_error(prot, R_BADREQUEST,
+		    "invalid "+HTTP_SVERS+" request");
+		quit(); return 1;
+        }
 	else if (!prot) process();	// HTTP/0.9 has no headers
 	else next_input_to(#'parse_header);
 }
--- a/world/net/include/net.h
+++ b/world/net/include/net.h
@ -224,7 +224,7 @@
 # define PERSISTENT_MASTERS
 # define NEW_RENDER
 # define MUCSUC
-# define XMPP_BIDI
+//# define XMPP_BIDI
 #endif
 #define GAMMA   // code that has left BETA and is in production use

--- a/world/net/jabber/common.c
+++ b/world/net/jabber/common.c
@ -51,7 +51,7 @@ int emit(string message) {
 	string t, err;
 	// according to http://www.w3.org/TR/xml/#charsets
 	// remove illegal unicode chars --// thx elmex
-	err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog);
+	err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog);
 	if (err || t != message) {
 		// Info: Chars filtered to %O. Message was %O.
 		log_file("CHARS_XMPP", "[%s] %O %O %O\n", ctime(),
--- a/world/net/jabber/gateway.c
+++ b/world/net/jabber/gateway.c
@ -145,7 +145,8 @@ verify_connection(string to, string from, string type) {
 	sAuthenticated(from);
 #ifdef XMPP_BIDI
 	if (bidi) {
-		P0(("doing register target for xmpp bidi!!!!\n"))
+		P0(("doing register target for xmpp bidi (2)!!!!\n"))
+		P0(("register_target(XMPP + %O)\n", from))
 		register_target(XMPP + from);
 	}
 #endif
@ -423,7 +424,8 @@ jabberMsg(XMLNode node) {
 		    while (remove_call_out(#'quit) != -1);
 #ifdef XMPP_BIDI
 		    if (bidi) {
-			    P0(("doing register target for xmpp bidi!!!!\n"))
+			    P0(("doing register target for xmpp bidi (1)!!!!\n"))
+			    P0(("register_target(XMPP + %O)\n", t))
 			    register_target(XMPP + t);
 		    }
 #endif
--- a/world/net/smtp/outgoing.c
+++ b/world/net/smtp/outgoing.c
@ -1,5 +1,10 @@
 // outgoing mail queue for psyced.

+// this has not only been leaking message contents..
+// it is currently spamming previous room visitors (see /route) FIXME!!
+// so we disable it completely for now
+#define OFFLINE
+
 // i *could* rewrite this to use net/spool.c
 // but then i'd have such a mess in my room

--- a/world/net/tn/server.c
+++ b/world/net/tn/server.c
@ -10,7 +10,7 @@ qScheme() { return "tn"; }

 human(x) {
 	x = lower_case(x);
-	unless (abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes")) {
+	if (!strlen(x) || !(abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes"))) {
 		emit("\nSorry, no other species welcome currently.\n\n");
 	}
 		// now check limits
--- a/world/net/usercmd.i
+++ b/world/net/usercmd.i
@ -2035,7 +2035,9 @@ tell(pal, what, palo, how, mc, tv) {
 #ifdef MUDLINK
 	if (pal == "$mud") {
 		unless (objectp(mudlink) && interactive(mudlink)) mudlink(v("mudlink"));
-		if (objectp(mudlink)) mudlink -> send(what +"\n");
+		// we could call 'enqueue' if not interactive yet, but that would
+		// probably be even worse for UX. let's just drop that trigger message.
+		if (objectp(mudlink) && interactive(mudlink)) mudlink -> send(what +"\n");
 		return;
 	}
 #endif // MUDLINK