zlatinb / muwire

MuWire file sharing client for I2P
GNU General Public License v3.0

Crashing muwire by search term #160

Closed JamesOlvertone closed 2 years ago

JamesOlvertone commented 2 years ago

Enter * or .* in search field and see muwire crash.

Used version: 0.8.13b4 jre: 11.0.15

zlatinb commented 2 years ago

Hi, I've seen this crash. It happens because MuWire filters certain characters when searching by keyword. If you want to search for a regular expression, surround the query in / like this /.*/ and it will work.

I'll add some warning to prevent the crash but I broke a finger so I won't be able to do it for another 2-3 weeks.

JamesOlvertone commented 2 years ago

Broken finger? Oh boy! Get well soon!

When I use /.*/ I get a lot of results and muwire is responding very, very slowly; I have to kill it.

zlatinb commented 2 years ago

Invalid search terms now show a warning, check out latest CI build

JamesOlvertone commented 2 years ago

Yes, there are now some warnings. I get no warning for "/.*/". OK, technically it's a correct search term; mw does not crash but becomes unresponsive very soon. I think this kind of search term should be blocked.

Can such search terms be used to "denial-of-service" the muwire net?

zlatinb commented 2 years ago

I can't think of a good way to block a regular expression for being too wide. (I have some ideas but they are very preliminary.) Also, wide regular expressions help in load-testing MuWire; I would rather fix the GUI from becoming unresponsive than ban queries that may return many results. If you want, create an issue for the unresponsiveness and then we can try some things to address that.

Regarding DOS, nodes will not respond to more than 2 regular expression queries per person per second. If someone tries to send more than 2 regex queries in the same second, the extra will just be dropped. The same goes for keyword queries except the limit there is 5/second.
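The per-sender limits described in the comment above, sketched as an added example that is not part of the thread and is not MuWire's own code. It assumes fixed one-second windows, separate counters for regex and keyword queries, and hypothetical names (`QueryRateLimiter`, `simulate`, the sender labels); only the 2/second and 5/second limits and the `/.../` regex convention come from the thread.

```python
import time

REGEX_LIMIT = 2    # regex queries answered per sender per second (from the thread)
KEYWORD_LIMIT = 5  # keyword queries answered per sender per second (from the thread)

def is_regex_query(query):
    """Queries wrapped in slashes, like /.*/, are regular expressions."""
    return len(query) >= 2 and query.startswith("/") and query.endswith("/")

class QueryRateLimiter:
    """Counts queries per (sender, kind) in one-second windows; extras are dropped."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._windows = {}  # (sender, kind) -> [second, count]

    def allow(self, sender, query):
        # Assumption: regex and keyword queries are counted independently.
        kind = "regex" if is_regex_query(query) else "keyword"
        limit = REGEX_LIMIT if kind == "regex" else KEYWORD_LIMIT
        second = int(self._clock())
        window = self._windows.get((sender, kind))
        if window is None or window[0] != second:
            self._windows[(sender, kind)] = [second, 1]  # new second, fresh count
            return True
        if window[1] >= limit:
            return False  # over the limit: drop the query, send no response
        window[1] += 1
        return True

def simulate(events):
    """Replay (timestamp, sender, query) tuples and return the allow/drop decisions."""
    now = [0.0]
    limiter = QueryRateLimiter(clock=lambda: now[0])
    decisions = []
    for timestamp, sender, query in events:
        now[0] = timestamp
        decisions.append(limiter.allow(sender, query))
    return decisions

# Constructed sample traffic: "alice" repeats a regex query, "bob" sends one.
SAMPLE_EVENTS = [
    (10.1, "alice", "/.*/"),
    (10.2, "alice", "/.*/"),
    (10.3, "alice", "/.*/"),  # third regex query in the same second
    (10.4, "bob", "/.*/"),    # different sender, own counter
    (11.0, "alice", "/.*/"),  # next second, counter resets
]

if __name__ == "__main__":
    print(simulate(SAMPLE_EVENTS))
```

A limiter like this bounds how many queries a node answers per sender, not how many results each answered query returns.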

JamesOlvertone commented 2 years ago

ok.