XMPP/Jabber clients DoS vulnerability report
Ethan Blanton
elb at pidgin.im
Wed Feb 10 09:25:33 EST 2010
Mark Doliner spake unto us the following wisdom:
> How does the attached patch look to people? It sets a limit of 200
> smileys per GtkIMHtml by keeping a counter using g_object_get_data and
> g_object_set_data. 200 is fairly arbitrary. My computer can handle
> more, but my computer is fairly fast. I suspect some of our users will
> hit the 200 limit because, well, you know our users :-), but I also
> suspect that 200 is more than enough for any reasonable conversation.
Does each smiley rendering become progressively slower, or something?
I would be inclined to account this per-IM, not per-IMHtml. If an
IMHtml is getting generally slow, people have time to close the window
and open a new one; if a single IM is loaded up with smileys and
unusably slow, that's a different matter.
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764