From 7fdce5162b51d682046a7c75c9fbcaeac271c6d9 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Sun, 12 Aug 2018 21:05:41 +0200
Subject: Sandbox reads, prevent DOS by vector literals

---
 irc/bot.rkt | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/irc/bot.rkt b/irc/bot.rkt
index abedd67..7366a6f 100644
--- a/irc/bot.rkt
+++ b/irc/bot.rkt
@@ -2,7 +2,8 @@
 (require "core.rkt"
          (for-syntax racket/base racket/syntax)
          racket/string racket/function
-         racket/stxparam)
+         racket/stxparam
+         racket/sandbox)
 (provide (all-defined-out))
 
 (define (replace-many s rep)
@@ -103,12 +104,17 @@
   (on condition action ... hook-abort))
 
 ; does this belong here?
+; limit to 5s, 25MB to prevent reading 2^30 element vectors
+(define read-sandbox
+  (parameterize ([sandbox-eval-limits '(5 25)])
+    (make-evaluator 'racket/base)))
+
 (define (safe-read-string s)
   (call-with-default-reading-parameterization
     (thunk
-      parameterize ([read-square-bracket-as-paren #f]
-                    [read-curly-brace-as-paren #f]
-                    [read-accept-compiled #f]
-                    [read-accept-reader #f]
-                    [read-accept-lang #f])
-      (read (open-input-string s)))))
+      (parameterize ([read-square-bracket-as-paren #f]
+                     [read-curly-brace-as-paren #f]
+                     [read-accept-compiled #f]
+                     [read-accept-reader #f]
+                     [read-accept-lang #f])
+        (read-sandbox `(read (open-input-string ,s)))))))
-- 
cgit v1.2.3