[backend/libmfm] Wrap MFM payloads that cause the parser to time out in a MfmPlainNode

2024-11-27 04:49:17 +01:00 · 2024-11-27 04:49:17 +01:00 · d6f4f5bd51
commit d6f4f5bd51
parent 556ada822f
1 changed files with 10 additions and 0 deletions
--- a/Iceshrimp.Backend/Core/Helpers/LibMfm/Serialization/MfmSerializer.cs
+++ b/Iceshrimp.Backend/Core/Helpers/LibMfm/Serialization/MfmSerializer.cs
@ -138,6 +138,16 @@ public static class MfmSerializer
 					result.Append(end);
 					break;
 				}
+				case MfmTimeoutTextNode mfmTimeoutTextNode:
+				{
+					// This mitigates MFM DoS payloads, since every incoming note is parsed & reserialized.
+					// We need to remove all </plain> tags to make sure that the mitigation can't be bypassed by adding </plain> to the payload.
+					// Opening <plain> tags are removed because they are now unnecessary.
+					result.Append("<plain>");
+					result.Append(mfmTimeoutTextNode.Text.Replace("<plain>", "").Replace("</plain>", ""));
+					result.Append("</plain>");
+					break;
+				}
 				case MfmTextNode mfmTextNode:
 				{
 					result.Append(mfmTextNode.Text);