Merge pull request #2039 from ergochat/dosfix

pointfix for websocket client DoS
ergochat · Jan 22, 2023 · f69b339 · f69b339
2 parents 1e1acda + ca03a42
commit f69b339
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,15 @@
 # Changelog
 All notable changes to Ergo will be documented in this file.
 
+## [2.11.1] - 2022-01-22
+
+Ergo 2.11.1 is a bugfix release, fixing a denial-of-service issue in our websocket implementation. We regret the oversight.
+
+This release includes no changes to the config file format or database file format.
+
+### Security
+* Fixed a denial-of-service issue affecting websocket clients (#2039)
+
 ## [2.11.0] - 2022-12-25
 
 We're pleased to be publishing v2.11.0, a new stable release. This is another bugfix release aimed at improving client compatibility and keeping up with the IRCv3 specification process.

diff --git a/irc/ircconn.go b/irc/ircconn.go
@@ -128,9 +128,9 @@ func (wc IRCWSConn) WriteLines(buffers [][]byte) (err error) {
 }
 
 func (wc IRCWSConn) ReadLine() (line []byte, err error) {
-	messageType, line, err := wc.conn.ReadMessage()
+	_, line, err = wc.conn.ReadMessage()
 	if err == nil {
-		if messageType == websocket.BinaryMessage && !utf8.Valid(line) {
+		if !utf8.Valid(line) {
 			return line, errInvalidUtf8
 		}
 		return line, nil

diff --git a/irc/version.go b/irc/version.go
@@ -7,7 +7,7 @@ import "fmt"
 
 const (
 	// SemVer is the semantic version of Ergo.
-	SemVer = "2.11.0"
+	SemVer = "2.11.1"
 )
 
 var (