mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-22 16:36:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 33

Security: Fix revision parsing (#5772)

Browse source 
A carefully crated URL can cause Etherpad to hang.
This commit is contained in:
John McLear 2023-06-26 18:17:06 +01:00 committed by GitHub
parent 1d289520eb
commit 1e98033632
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 325 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/node/db/Pad.js
View file

@ -172,6 +172,9 @@ class Pad {
async getInternalRevisionAText(targetRev) {
const keyRev = this.getKeyRevisionNumber(targetRev);
const headRev = this.getHeadRevisionNumber();
if (targetRev > headRev)
targetRev = headRev;
const [keyAText, changesets] = await Promise.all([
this._getKeyRevisionAText(keyRev),
Promise.all(