[fix] useragents longer than 1000 are probably evil

Truncate the useragent to 1000 to avoid reject, ref: GUI/uas-parser@c33b124 The check in isSafe for the max length is still there as a safeguard.
3rd-Eden · Apr 3, 2019 · 79c7c54 · 79c7c54
1 parent 687afe4
commit 79c7c54
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/index.js b/index.js
@@ -415,6 +415,8 @@ function isSafe(userAgent) {
   var consecutive = 0
     , code = 0;
 
+  if (userAgent.length > 1000) return false;
+
   for (var i = 0; i < userAgent.length; i++) {
     code = userAgent.charCodeAt(i);
     // numbers between 0 and 9, letters between a and z, spaces and control
@@ -443,6 +445,10 @@ function isSafe(userAgent) {
  * @api public
  */
 exports.parse = function parse(userAgent, jsAgent) {
+  if (userAgent && userAgent.length > 1000) {
+    userAgent = userAgent.substring(0, 1000);
+  }
+
   if (!userAgent || !isSafe(userAgent)) return new Agent();
 
   var length = agentparserslength