diff options
-rw-r--r-- | irc/bot.rkt | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/irc/bot.rkt b/irc/bot.rkt index abedd67..7366a6f 100644 --- a/irc/bot.rkt +++ b/irc/bot.rkt @@ -2,7 +2,8 @@ (require "core.rkt" (for-syntax racket/base racket/syntax) racket/string racket/function - racket/stxparam) + racket/stxparam + racket/sandbox) (provide (all-defined-out)) (define (replace-many s rep) @@ -103,12 +104,17 @@ (on condition action ... hook-abort)) ; does this belong here? +; limit to 5s, 25MB to prevent reading 2^30 element vectors +(define read-sandbox + (parameterize ([sandbox-eval-limits '(5 25)]) + (make-evaluator 'racket/base))) + (define (safe-read-string s) (call-with-default-reading-parameterization (thunk - parameterize ([read-square-bracket-as-paren #f] - [read-curly-brace-as-paren #f] - [read-accept-compiled #f] - [read-accept-reader #f] - [read-accept-lang #f]) - (read (open-input-string s))))) + (parameterize ([read-square-bracket-as-paren #f] + [read-curly-brace-as-paren #f] + [read-accept-compiled #f] + [read-accept-reader #f] + [read-accept-lang #f]) + (read-sandbox `(read (open-input-string ,s))))))) |