XMPP/Jabber clients DoS vulnerability report
Mark Doliner
mark at kingant.net
Thu Feb 11 23:31:58 EST 2010
On Wed, Feb 10, 2010 at 6:25 AM, Ethan Blanton <elb at pidgin.im> wrote:
> Mark Doliner spake unto us the following wisdom:
>> How does the attached patch look to people? It sets a limit of 200
>> smileys per GtkIMHtml by keeping a counter using g_object_get_data and
>> g_object_set_data. 200 is fairly arbitrary. My computer can handle
>> more, but my computer is fairly fast. I suspect some of our users will
>> hit the 200 limit because, well, you know our users :-), but I also
>> suspect that 200 is more than enough for any reasonable conversation.
>
> Does each smiley rendering become progressively slower, or something?
> I would be inclined to account this per-IM, not per-IMHtml. If an
> IMHtml is getting generally slow, people have time to close the window
> and open a new one; if a single IM is loaded up with smileys and
> unusably slow, that's a different matter.
I'm not sure if each smiley rendering becomes progressively slower. I
feel like it might, but I didn't look at the code very closely. It
does seem like the slowness happens when adding the smileys to the
GtkText, so having a per-IM limit might be sufficient. What if we had
both? Maybe a limit of 500 smileys total and a limit of 15 per call
to gtk_imhtml_insert_html_at_iter? I haven't tried the smaller limit,
so it may not be easy.
--Mark
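
The two-level limit floated in the message above (500 smileys per widget, 15 per insert call), sketched as a self-contained C model. This is an added example, not the attached patch or Pidgin code: `imhtml_model`, `insert_message` and the smiley table are hypothetical, and leaving over-limit codes as plain text is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SMILEYS_TOTAL    500  /* per-widget cap floated in the message */
#define MAX_SMILEYS_PER_CALL 15   /* per-insert cap floated in the message */

/* Hypothetical stand-in for the counter the patch hangs on each GtkIMHtml. */
struct imhtml_model {
    unsigned smileys_total;   /* images rendered over the widget's lifetime */
    unsigned text_fallbacks;  /* smiley codes left as plain text */
};
/* Constructed smiley table; a real client loads codes from its theme. */
static const char *const smiley_codes[] = { ":-)", ":-(", ";-)", ":-P" };

static size_t match_smiley(const char *s)
{
    for (size_t i = 0; i < sizeof smiley_codes / sizeof smiley_codes[0]; i++) {
        size_t n = strlen(smiley_codes[i]);
        if (strncmp(s, smiley_codes[i], n) == 0) return n;
    }
    return 0;
}

/* Models one insert call and returns how many smileys became images.
 * Codes past either cap stay as text, so message content is never dropped. */
unsigned insert_message(struct imhtml_model *w, const char *msg)
{
    unsigned rendered = 0;
    while (*msg) {
        size_t n = match_smiley(msg);
        if (n == 0) { msg++; continue; }
        if (rendered < MAX_SMILEYS_PER_CALL && w->smileys_total < MAX_SMILEYS_TOTAL) {
            rendered++;
            w->smileys_total++;
        } else {
            w->text_fallbacks++;
        }
        msg += n;
    }
    return rendered;
}

int main(void)
{
    struct imhtml_model w = { 0, 0 };
    char flood[40 * 3 + 1] = "";  /* constructed input: 40 smiley codes */
    for (int i = 0; i < 40; i++) strcat(flood, ":-)");
    unsigned shown = insert_message(&w, flood);
    printf("images=%u text=%u total=%u\n", shown, w.text_fallbacks, w.smileys_total);
    return 0;
}
```

The per-call cap bounds the cost of any single incoming message, while the total cap bounds what a long stream of small messages can accumulate in one widget.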