search

witnessmenow / Universal-Arduino-Telegram-Bot

Use Telegram on your Arduino (ESP8266 or Wifi-101 boards)
MIT License
1.12k stars 306 forks source link

anonym message-"bomb" kills bot #266

Open umbm opened 2 years ago

umbm commented 2 years ago

For testing I sent a large text to the bot and the bot doesnt work anymore.

I activated #define TELEGRAM_DEBUG 1 in UniversalTelegramBot.h and got this:

incoming message length 1500 Creating DynamicJsonBuffer Failed to parse update, the message could be too big for the buffer. Error code: IncompleteInput Closing client GET Update Messages [BOT]Connecting to server sending: bot2 . . . [cut]

This runs in an infinite loop and the bot does not work anymore.

Biggest problem: I sent the too large message from an not connected account to the password protected bot and this runs in this issue. Means: everybody who finds the bot can kill it with a simple too large text-message.

umbm commented 2 years ago

Suggestion to solve the problem: Get the update_id from message what creates the error: {"ok":true,"result":[{"update_id":115492776,

Start a new request with offset update_id +1 (at least) /getUpdates?offset=115492777&limit=1

This marks the message as read and the bot is running again.

If someone gets in this trap meanwhile you can solve it manually going 3 steps:

Get the next message of the bot in browser: https://api.telegram.org/bot[your bot token here]/getUpdates?offset=1&limit=1 Take the update_id from response, add 1 and call bot again with the offset. https://api.telegram.org/bot[your bot token here]/getUpdates?offset=115492777&limit=1

RobertGnz commented 2 years ago

I ran into the same problem. See #275 here https://github.com/witnessmenow/Universal-Arduino-Telegram-Bot/issues/275 The problem comes from a bug in UniversalTelegramBot::getUpdates() . I suggested a patch to automatically solve the problem.

francwalter commented 2 years ago

Suggestion to solve the problem: Get the update_id from message what creates the error: {"ok":true,"result":[{"update_id":115492776, ...

Do you know why it is not possible to just delete that bad message? I tried this, but got error, no delete possible, see my answer at #275

francwalter commented 2 years ago

Maybe I waited too long. In the API I can read, that deleteMessage is only possible in between 48 hours. I tested this again and it works when I do it right after writing a message. E.g.:

https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/deleteMessage?chat_id=1234567890&message_id=418

this worked, I got then something like:

`{"ok":true,"result":true}

Didnt get the editMessage to work, here I always get some:

{"ok":false,"error_code":404,"description":"Not Found"}

But after all, the repo should be fixed, at least the changes from RobertGnz put into the code. But it seems abandoned :( I think I will fork it and put at least the fix in it...

francwalter commented 2 years ago

Done. Created my own fork And I created a pull request with the fix from Robert. But very unlikely that this pull could get pulled once. The original Repo is dead since a while (anyway very useful and good work). See also the fork from Jose where he "fixes" the use of Strings. But it is behind master of original, its more to get ideas where to change the strings.