XMPP/Jabber clients DoS vulnerability report

Mark Doliner mark at kingant.net
Thu Feb 11 23:31:58 EST 2010

On Wed, Feb 10, 2010 at 6:25 AM, Ethan Blanton <elb at pidgin.im> wrote:
> Mark Doliner spake unto us the following wisdom:
>> How does the attached patch look to people?  It sets a limit of 200
>> smileys per GtkIMHtml by keeping a counter using g_object_get_data and
>> g_object_set_data.  200 is fairly arbitrary.  My computer can handle
>> more, but my computer is fairly fast.  I suspect some of our users will
>> hit the 200 limit because, well, you know our users :-), but I also
>> suspect that 200 is more than enough for any reasonable conversation.
> Does each smiley rendering become progressively slower, or something?
> I would be inclined to account this per-IM, not per-IMHtml.  If an
> IMHtml is getting generally slow, people have time to close the window
> and open a new one; if a single IM is loaded up with smileys and
> unusably slow, that's a different matter.

I'm not sure if each smiley rendering becomes progressively slower.  I
feel like it might, but I didn't look at the code very closely.  It
does seem like the slowness happens when adding the smileys to the
GtkText, so having a per-IM limit might be sufficient.  What if we had
both?  Maybe a limit of 500 smileys total and a limit of 15 per call
to gtk_imhtml_insert_html_at_iter?  I haven't tried the smaller limit,
so it may not be easy.
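The two-tier cap discussed above (a per-widget total plus a per-insert limit), as an added example that is not Pidgin's code or the attached patch: a plain C stand-in for the GtkIMHtml counter, with a constructed smiley table and `<img>` placeholders in place of real pixbuf insertion. Smileys past either budget are left as their text form rather than rendered.

```c
#include <stdio.h>
#include <string.h>

/* Caps proposed in the thread: 500 per conversation widget, 15 per insert call. */
#define SMILEY_TOTAL_LIMIT 500
#define SMILEY_PER_INSERT_LIMIT 15

/* Stand-in for the per-GtkIMHtml counter the patch keeps via g_object_set_data. */
typedef struct { int smileys_rendered; } imhtml_state;

/* Constructed smiley table (hypothetical; Pidgin's real table is theme-driven).
 * Longer forms come first so ":-)" is not split into ":" and "-)". */
static const char *smileys[] = { ":-)", ":-(", ";-)", ":)", ":(" };

/* Returns the index of the smiley starting at s, or -1 if none matches. */
static int match_smiley(const char *s) {
    for (size_t i = 0; i < sizeof smileys / sizeof *smileys; i++) {
        if (strncmp(s, smileys[i], strlen(smileys[i])) == 0) return (int)i;
    }
    return -1;
}

/* Render one message into out (capacity outlen). A smiley is turned into an
 * image only while both the per-call and the per-widget budgets allow it;
 * otherwise its text is copied through unchanged. Returns the number of
 * smileys rendered as images by this call. */
int insert_html(imhtml_state *st, const char *msg, char *out, size_t outlen) {
    int rendered = 0;
    size_t o = 0;
    const char *p = msg;
    while (*p && o + 1 < outlen) {
        int idx = match_smiley(p);
        int widget_budget = SMILEY_TOTAL_LIMIT - st->smileys_rendered;
        if (idx >= 0 && rendered < SMILEY_PER_INSERT_LIMIT && widget_budget > 0) {
            /* placeholder for the pixbuf insertion */
            int w = snprintf(out + o, outlen - o, "<img smiley=%d>", idx);
            if (w < 0 || (size_t)w >= outlen - o) break; /* out of space */
            o += (size_t)w;
            p += strlen(smileys[idx]);
            rendered++;
            st->smileys_rendered++;
        } else {
            out[o++] = *p++; /* over budget or not a smiley: keep as text */
        }
    }
    out[o] = '\0';
    return rendered;
}
```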
