Fix a vulnerability in chatMsg handler

This commit is contained in:
calzoneman 2013-10-12 18:25:36 -05:00
parent babeb01ebe
commit 51d89b99e8
2 changed files with 10 additions and 0 deletions

View file

@ -1,3 +1,6 @@
Sat Oct 12 18:24 2013 CDT
* lib/user.js: Fix bad chatMsg packet causing exceptions
Sat Oct 12 15:53 2013 CDT Sat Oct 12 15:53 2013 CDT
* lib/channel.js: Add a try-catch to playlist loading to catch * lib/channel.js: Add a try-catch to playlist loading to catch
the mysterious error that's been coming up (corrupt pl?) the mysterious error that's been coming up (corrupt pl?)

View file

@ -229,6 +229,13 @@ User.prototype.initCallbacks = function () {
self.socket.on("chatMsg", function (data) { self.socket.on("chatMsg", function (data) {
if (self.inChannel()) { if (self.inChannel()) {
if (typeof data.msg !== "string") {
self.socket.emit("kick", {
reason: "Invalid chatMsg packet!"
});
self.socket.disconnect(true);
return;
}
if (data.msg.indexOf("/afk") !== 0) { if (data.msg.indexOf("/afk") !== 0) {
self.setAFK(false); self.setAFK(false);
self.autoAFK(); self.autoAFK();