Incorporate strict-blocking denial-of-service fix from uBlock repo - Githubissues

dhowe / AdNauseam

AdNauseam: Fight back against advertising surveillance

GNU General Public License v3.0

4.52k stars 189 forks source link

Incorporate strict-blocking denial-of-service fix from uBlock repo #1893

Closed vtriolet closed 3 years ago

vtriolet commented 3 years ago

Describe the issue

There is a denial-of-service issue in AdNauseam's strict blocking feature that has already been patched in uBlock Origin:

It would be great if the fix could be incorporated into AdNauseam to help protect users.

Steps for anyone to reproduce the issue

Start with a clean Firefox profile
Install AdNauseam
Enable the "Block Malware" setting
In the web console, run the following code (you may have to type "allow pasting" in the console first):

// bet365.com is used because AdNauseam enables EasyList by default and because
// EasyList contains this entry: ||bet365.com/*?affiliate=$document

const url = 'http://bet365.com/?affiliate=' + 'http://a?a='.repeat(7500);
window.location = url;

// Notice that Firefox quickly consumes >2GB RAM and starts eating CPU.
// The page will eventually load if you have enough memory.

Your settings

OS/version: Arch Linux
Browser/version: Firefox 90.0
AdNauseam version: 3.10.4
Other extensions you have installed: N/A
AdNauseam settings: "Block malware" is enabled

Your filter lists

Default filter lists

mneunomne commented 3 years ago

@vtriolet thanks for the heads up! I just confirmed this in my env as well.

Then makes sense that next version of ADN catches up with the uBlock Origin v1.36.3.

mneunomne commented 3 years ago

Ah ok, didnt see that @dhowe had already fixed it. Tested and it is fixed. Closing.