Fix a vulnerability in chatMsg handler

2013-10-12 18:25:36 -05:00 · 2013-10-12 18:25:36 -05:00 · 51d89b99e8
commit 51d89b99e8
parent babeb01ebe
2 changed files with 10 additions and 0 deletions
--- a/lib/user.js
+++ b/lib/user.js
@ -229,6 +229,13 @@ User.prototype.initCallbacks = function () {

    self.socket.on("chatMsg", function (data) {
        if (self.inChannel()) {
+            if (typeof data.msg !== "string") {
+                self.socket.emit("kick", {
+                    reason: "Invalid chatMsg packet!"
+                });
+                self.socket.disconnect(true);
+                return;
+            }
            if (data.msg.indexOf("/afk") !== 0) {
                self.setAFK(false);
                self.autoAFK();