Skip to content
  • Rob Swindell's avatar
    0ecf245c
    Clamp the security level lines per message value between 1 and 65535 · 0ecf245c
    Rob Swindell authored 
    If a user's security level lines per message was set to '0', bad things would
happen to the heap if the user posted/sent a message. '1' is a reasonable
minimum value. If you don't want a user/group of users to send/post messages,
there are restrictions for achieving that. Also this setting is (currently,
at least) 16-bit, so clamp it there too on the high end.

Also clamp the expire-to security level setting between 0 and 99, while we're
here and noticed that this value wasn't being sanitized either.
    0ecf245c
    Clamp the security level lines per message value between 1 and 65535
    Rob Swindell authored 
    If a user's security level lines per message was set to '0', bad things would
happen to the heap if the user posted/sent a message. '1' is a reasonable
minimum value. If you don't want a user/group of users to send/post messages,
there are restrictions for achieving that. Also this setting is (currently,
at least) 16-bit, so clamp it there too on the high end.

Also clamp the expire-to security level setting between 0 and 99, while we're
here and noticed that this value wasn't being sanitized either.