From 3eab6d6140339c682a55f9c15c608427c23a74d4 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Thu, 17 Nov 2016 05:49:53 +0100 Subject: [PATCH 1/2] spend less cpu on http attacks, bidi tweak, stop smtp-out --- world/net/http/server.c | 26 ++++++++++++++++---------- world/net/include/net.h | 2 +- world/net/jabber/common.c | 2 +- world/net/jabber/gateway.c | 6 ++++-- world/net/smtp/outgoing.c | 5 +++++ world/net/tn/server.c | 2 +- world/net/usercmd.i | 4 +++- 7 files changed, 31 insertions(+), 16 deletions(-) diff --git a/world/net/http/server.c b/world/net/http/server.c index 96d50c0..8e8ca3a 100644 --- a/world/net/http/server.c +++ b/world/net/http/server.c @@ -113,12 +113,7 @@ process_header() { } parse_request(input) { - P2(("=== HTTP got: %O from %O\n", input, query_ip_name(ME))) - - // reset state. in case we support HTTP/1.1. do we? - method = item = url = prot = qs = 0; - headers = ([]); - body = ""; + P0(("=== HTTP got: %O from %O\n", input, query_ip_name(ME))) if (!input || input=="") { // should return error? @@ -126,9 +121,14 @@ parse_request(input) { // lets just ignore the empty line return 1; } + // reset state. in case we support HTTP/1.1. do we? + method = item = url = prot = qs = 0; + headers = ([]); + body = ""; + input = explode(input, " "); switch(sizeof(input)) { - default: + case 3: prot = input[2]; next_input_to(#'parse_header); case 2: 
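Review bot: The trace at the top of parse_request is raised from `P2` to `P0`, which, if P0 is the always-on level in this codebase (inferred from the macro naming, not visible here), writes one entry of peer-controlled text per request line and works against the commit's stated aim of spending less CPU during HTTP attacks. I would keep `P2(("=== HTTP got: %O from %O\n", input, query_ip_name(ME)))` here and log at the higher level only in the rejection branches. A one-line comment on `case 3:` noting that requests with more than three tokens now fall to the bad-request `default` would document the stricter parsing. parse_request continues past the end of this hunk.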
@@ -140,12 +140,18 @@ parse_request(input) { unless (sscanf(url, "%s?%s", item, qs)) item = url; method = lower_case(input[0]); break; - case 1: - // should return error! - quit(); + default: + http_error(prot, R_BADREQUEST, + "invalid "+HTTP_SVERS+" request"); + quit(); return 1; } P4(("=== HTTP user requested url: %O\n", url)) if (method == "connect") next_input_to(#'parse_wait); + else if (!sizeof(url) || url[0] != '/') { + http_error(prot, R_BADREQUEST, + "invalid "+HTTP_SVERS+" request"); + quit(); return 1; + } else if (!prot) process(); // HTTP/0.9 has no headers else next_input_to(#'parse_header); } diff --git a/world/net/include/net.h b/world/net/include/net.h index 87d337a..a9162cd 100644 --- a/world/net/include/net.h +++ b/world/net/include/net.h @@ -224,7 +224,7 @@ # define PERSISTENT_MASTERS # define NEW_RENDER # define MUCSUC -# define XMPP_BIDI +//# define XMPP_BIDI #endif #define GAMMA // code that has left BETA and is in production use diff --git a/world/net/jabber/common.c b/world/net/jabber/common.c index 877e82a..830dcb9 100644 --- a/world/net/jabber/common.c +++ b/world/net/jabber/common.c @@ -51,7 +51,7 @@ int emit(string message) { string t, err; // according to http://www.w3.org/TR/xml/#charsets // remove illegal unicode chars --// thx elmex - err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog); + err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog); if (err || t != message) { // Info: Chars filtered to %O. Message was %O. log_file("CHARS_XMPP", "[%s] %O %O %O\n", ctime(), diff --git a/world/net/jabber/gateway.c b/world/net/jabber/gateway.c index a4ae72e..9c4b275 100644 --- a/world/net/jabber/gateway.c +++ b/world/net/jabber/gateway.c 
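Review bot: In the new `default:` branch `http_error(prot, R_BADREQUEST, ...)` is reached with `prot` still 0, because the state reset earlier in parse_request zeroes it and only `case 3:` assigns it; the added `url[0] != '/'` check has the same property for a two-token request. http_error is not visible in this patch, so confirm it copes with a zero protocol (an HTTP/0.9 client expects no status line) or pass a fixed fallback version. The two identical `http_error(...); quit(); return 1;` blocks could also live in one small helper so that the rejection path is maintained in a single place.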
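Review bot: The new upper bound `\\x{10FFFFF}` in emit()'s character class is still not the XML limit: the Char production at the URL cited in the comment ends at #x10FFFF, so the last range should read `\\x{10000}-\\x{10FFFF}`. A value above U+10FFFF can be rejected by PCRE in UTF-8 mode, in which case the `catch` yields `err`, and what is emitted after that depends on code outside this hunk. PATCH 2/2 changes the same literal to `\\x{FFFFF}`, which compiles but would also replace the valid code points U+100000 to U+10FFFF with `*`.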
@@ -145,7 +145,8 @@ verify_connection(string to, string from, string type) { sAuthenticated(from); #ifdef XMPP_BIDI if (bidi) { - P0(("doing register target for xmpp bidi!!!!\n")) + P0(("doing register target for xmpp bidi (2)!!!!\n")) + P0(("register_target(XMPP + %O)\n", from)) register_target(XMPP + from); } #endif @@ -423,7 +424,8 @@ jabberMsg(XMLNode node) { while (remove_call_out(#'quit) != -1); #ifdef XMPP_BIDI if (bidi) { - P0(("doing register target for xmpp bidi!!!!\n")) + P0(("doing register target for xmpp bidi (1)!!!!\n")) + P0(("register_target(XMPP + %O)\n", t)) register_target(XMPP + t); } #endif diff --git a/world/net/smtp/outgoing.c b/world/net/smtp/outgoing.c index e2c08c3..88c3796 100644 --- a/world/net/smtp/outgoing.c +++ b/world/net/smtp/outgoing.c @@ -1,5 +1,10 @@ // outgoing mail queue for psyced. +// this has not only been leaking message contents.. +// it is currently spamming previous room visitors (see /route) FIXME!! +// so we disable it completely for now +#define OFFLINE + // i *could* rewrite this to use net/spool.c // but then i'd have such a mess in my room diff --git a/world/net/tn/server.c b/world/net/tn/server.c index 71a772f..9ab1492 100644 --- a/world/net/tn/server.c +++ b/world/net/tn/server.c @@ -10,7 +10,7 @@ qScheme() { return "tn"; } human(x) { x = lower_case(x); - unless (abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes")) { + if (!strlen(x) || !(abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes"))) { emit("\nSorry, no other species welcome currently.\n\n"); } // now check limits diff --git a/world/net/usercmd.i b/world/net/usercmd.i index 236bc37..839d18e 100644 --- a/world/net/usercmd.i +++ b/world/net/usercmd.i 
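Review bot: `#define OFFLINE` is added at the top of smtp/outgoing.c, but the code that tests it lies outside this hunk, so the hunk alone does not show that delivery stops or whether messages are still queued while offline. Since the added comment says this path has been leaking message contents, confirm that OFFLINE short-circuits before any message body is stored or logged, and that callers see an explicit failure rather than a silent drop. The FIXME would be easier to act on if it stated the condition for re-enabling, e.g. `// re-enable only once /route no longer addresses previous room visitors`.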
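Review bot: The rejection branch in human() only emits the "Sorry" text; within the visible lines nothing returns or disconnects before `// now check limits`, so an empty or non-matching answer appears to continue into the normal path. If this prompt is meant as a gate against automated clients, end the branch by disconnecting and returning, as the HTTP server in this patch does with `quit(); return 1;`; if falling through is deliberate, say so in a comment. The added `!strlen(x)` test presumably exists because an empty string counts as an abbreviation of every word, and a short comment such as `// empty input would match every abbrev()` would record that. human() continues beyond the hunk.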
@@ -2035,7 +2035,9 @@ tell(pal, what, palo, how, mc, tv) { #ifdef MUDLINK if (pal == "$mud") { unless (objectp(mudlink) && interactive(mudlink)) mudlink(v("mudlink")); - if (objectp(mudlink)) mudlink -> send(what +"\n"); + // we could call 'enqueue' if not interactive yet, but that would + // probably be even worse for UX. let's just drop that trigger message. + if (objectp(mudlink) && interactive(mudlink)) mudlink -> send(what +"\n"); return; } #endif // MUDLINK From 92aaf00fffe7f083db0581a6cdf2f9e549c2a221 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Wed, 1 Mar 2017 18:50:59 +0100 Subject: [PATCH 2/2] is this the fix to get it working with new pcre? --- CHANGESTODO | 29 +++++++++++++++++++++++++---- bin/psyconf | 2 +- place/freenode.c | 4 ++-- world/net/gateway/generic.c | 2 +- world/net/jabber/common.c | 2 +- world/net/tn/outgoing.c | 2 +- 6 files changed, 31 insertions(+), 10 deletions(-) diff --git a/CHANGESTODO b/CHANGESTODO index 0d9221f..18aadbc 100644 --- a/CHANGESTODO +++ b/CHANGESTODO @@ -1853,9 +1853,9 @@ see also: http://about.psyc.eu/SPAM evtl nicht alle im richtigen channel, um den enter zu sehen..) == IRC ISSUES 1.0 ====================================================== -- according to rfc and ircd source IRC parser should accept when the last - argument is just a word instead of a phrase prefixed by : - this is unusual, but legal: "PRIVMSG #blah hello" +- when using +follow instead of /join, the current place is stored and + an autojoin is performed on next login. we should abolish the concept + of "current place" for irc clients, i guess. + some irc clients do not implement their own pinging, and some NATs really kill your irc session if it is too quiet too long. we need optional server 
@@ -3953,7 +3953,28 @@ net/spyc net/psyc + looks like it is a good idea to activate XMPP_BIDI by default - folklore: fixed the output order of messages in place/basic === 201602 ============================================================ +- disallow people to expose private data by crypto downgrade + irc: introducing _data_psyctext as a way to output the proper psyced error message to IRC clients when failing to enter a channel with restrictions like obligatory encryption - ++ more advanced psyconf +=== 201605 ============================================================ ++ support for ACME aka letsencrypt ++ gentoo ebuilds have moved into youbroketheinternet overlay +=== 201606 ============================================================ +- according to rfc and ircd source IRC parser should accept when + the last argument is just a word instead of a phrase prefixed by : + this is unusual, but legal: "PRIVMSG #blah hello" (thx defanor) + -> fixed in a68a84b9248ac3865d98c86397df3d4451905f61 +=== 201607 ============================================================ ++ integration of textual MUD gaming by /set mudlink and /talk $mud ++ demonstration of outgoing TCP from chatrooms with the @nemesis + place that connects to the Nemesis MUD ++ properly display onion-protected incoming connections + in /tcp and /lu +- minor fix in @remotor for users of the Tor remote control tool +=== 2016xx ============================================================ ++ improve resistance against anti-ethical business models: + future changes to psyced are subject to Affero GPL ++ recognize gnunet-exit as secure transport +=== 2017xx ============================================================ diff --git a/bin/psyconf b/bin/psyconf index aeb611c..2448548 100755 --- a/bin/psyconf +++ b/bin/psyconf @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl ### -I/opt/psyced/utility # the include path would help finding INI.pm, but what if you the user # have decided to install psyced elsewhere? 
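Review bot: `#!/usr/bin/env perl` resolves the interpreter through the caller's PATH, so which perl executes psyconf now depends on the invoking environment. If psyconf is run with elevated privileges to write configuration (not visible in this hunk), invoke it with a sanitized PATH or keep an absolute interpreter path in packaged installs. On Linux an env shebang also passes only a single argument, so interpreter switches such as the include path mentioned in the `### -I/opt/psyced/utility` comment cannot be added on this line.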
diff --git a/place/freenode.c b/place/freenode.c index 7f32f95..5f6b946 100644 --- a/place/freenode.c +++ b/place/freenode.c @@ -12,8 +12,8 @@ #ifdef BRAIN # echo BRAIN: connecting to freenode IRC server -//# define CONNECT_IRC "irc." NAME ".net" -# define CONNECT_IRC "calvino.freenode.net" +# define CONNECT_IRC "irc." NAME ".net" +//# define CONNECT_IRC "calvino.freenode.net" //# define CHAT_CHANNEL "esp" //# define CHAT_CHANNEL "23c3" # define PASS_IRC IRCGATE_FREENODE diff --git a/world/net/gateway/generic.c b/world/net/gateway/generic.c index 9a5f507..c2da1cd 100644 --- a/world/net/gateway/generic.c +++ b/world/net/gateway/generic.c @@ -136,7 +136,7 @@ static who() { mixed idle; string desc; - reply("--- /who of local users of "+ SERVER_UNIFORM); + reply("--- /who of visible local users of "+ SERVER_UNIFORM); u = objects_people(); all = sizeof(u) < 23; // same code in usercmd.i diff --git a/world/net/jabber/common.c b/world/net/jabber/common.c index 830dcb9..4459dc4 100644 --- a/world/net/jabber/common.c +++ b/world/net/jabber/common.c @@ -51,7 +51,7 @@ int emit(string message) { string t, err; // according to http://www.w3.org/TR/xml/#charsets // remove illegal unicode chars --// thx elmex - err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog); + err = catch(t = regreplace(message, "[^\\x{9}\\x{A}\\x{D}\\x{20}-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{FFFFF}]+", "*", RE_GLOBAL | RE_UTF8); nolog); if (err || t != message) { // Info: Chars filtered to %O. Message was %O. log_file("CHARS_XMPP", "[%s] %O %O %O\n", ctime(), diff --git a/world/net/tn/outgoing.c b/world/net/tn/outgoing.c index d290dd4..b269237 100644 --- a/world/net/tn/outgoing.c +++ b/world/net/tn/outgoing.c 
@@ -65,7 +65,7 @@ logon(failure) { int rc = ::logon(failure); unless (rc) return 0; next_input_to(#'parse); - parse("[connected]"); // hack to maintain logon ascii graphics intact + parse(""); // hack to maintain logon ascii graphics intact // could have queued this instead: if (connectstring) call_out(#'send, 1, connectstring); call_out(#'runQ, 3); // deliver the queue of messages in circuit.c