scripts icon indicating copy to clipboard operation
scripts copied to clipboard
verified publisher icon weechat

chanop.py: freezes when using excess wildcards

Open jlu5 opened this issue 10 years ago • 5 comments

Something like /mode #channel +b *!*@************ can freeze WeeChat entirely at 100% CPU usage.

I'm not sure if this issue is remotely exploitable (I'm thinking that the Affects: whoever is only displayed when you're (un)setting a ban).

Using WeeChat 1.1.1 and chanop.py 0.3.1.

jlu5 avatar Feb 21 '15 05:02 jlu5

I'm not sure if this issue is remotely exploitable (I'm thinking that the Affects: whoever is only displayed when you're (un)setting a ban).

This is remotely exploitable as Affects: whoever is displayed on every channel that you have in plugins.var.python.chanop.watchlist.<NETWORK>. That variable is appended always when you run /o<command> on any channel. There is also issue https://github.com/weechat/scripts/issues/35 even if it's not implemented yet.

Mikaela avatar Feb 21 '15 07:02 Mikaela

Ping @m4v since they seem to be the creator of the script?

jlu5 avatar Feb 21 '15 17:02 jlu5

I think @m4v has said that they don't update or write WeeChat scripts anymore.

Mikaela avatar Feb 21 '15 21:02 Mikaela

this is probably a regex matching taking exponential time to return. I can think two ways of solving this, sanitizing the input pattern or creating a subprocess for solve the regex and kill it if it takes too long. Sanitizing the input would be the most easy to implement I think.

I think @m4v has said that they don't update or write WeeChat scripts anymore.

Several occasions I meant to do some updates but lately I'm getting easily distracted by other stuff :P

m4v avatar Feb 28 '15 18:02 m4v

If no one else is working on this, I can take a shot at it.

SamStrongTalks avatar Dec 01 '17 18:12 SamStrongTalks