Skip to content

Fixes server crash in chathistory limit parameter #2248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
prdes wants to merge 1 commit into from
Closed

Fixes server crash in chathistory limit parameter #2248

prdes wants to merge 1 commit into from

Conversation

@prdes
Copy link
Contributor

@prdes prdes commented Apr 24, 2025

When one provides a limit of -1 the prealloc gets this limit value, which is an invalid input to provide to make()

@prdes
Fixes server crash in chathistory limit parameter
60d5b47 
When one provides a limit of -1 the prealloc gets this limit
value, which is an invalid input to provide to make()

Signed-off-by: Pratyush Desai <[email protected]>
@slingamn slingamn added this to the v2.16 milestone Apr 24, 2025
@slingamn
Copy link
Member

slingamn commented Apr 24, 2025

Thanks for reporting this. This does not crash the server; it produces a panic on the client's own goroutine, which is handled here:

ergo/irc/client.go

Lines 662 to 670 in 5bab190

if r := recover(); r != nil {
client.server.logger.Error("internal",
fmt.Sprintf("Client caused panic: %v\n%s", r, debug.Stack()))
if client.server.Config().Debug.recoverFromErrors {
client.server.logger.Error("internal", "Disconnecting client and attempting to recover")
} else {
panic(r)
}
}

so it causes the client to be disconnected. Since I think this can only be caused by a programming error, not triggered by another user's input, this is not a DoS. However, please be more careful in future: if you think you might have found a DoS, please contact me privately instead of opening a PR or issue.

slingamn added a commit to slingamn/ergo that referenced this pull request Apr 24, 2025
@slingamn
validate that CHATHISTORY limit parameters are nonnegative
91d1840 
See ergochat#2248. Reported by @Mogadon
slingamn added a commit to slingamn/ergo that referenced this pull request Apr 24, 2025
@slingamn
validate that CHATHISTORY limit parameters are nonnegative
c697d5e 
See ergochat#2248. Reported by @Mogadon
slingamn added a commit to slingamn/ergo that referenced this pull request Apr 24, 2025
@slingamn
validate that CHATHISTORY limit parameters are nonnegative
a4194c3 
See ergochat#2248. Reported by @prdes
@slingamn slingamn mentioned this pull request Apr 24, 2025
Merged
@slingamn
Copy link
Member

slingamn commented Apr 24, 2025

Closing this in favor of #2249

@slingamn slingamn closed this Apr 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v2.16

Development

Successfully merging this pull request may close these issues.

2 participants

@prdes @slingamn