Misc: Security fix to @last: time-consuming could freeze the bot. Closes

 GH-157.

plugins/Misc/plugin.py

@@ -47,6 +47,9 @@
 from supybot.i18n import PluginInternationalization, internationalizeDocstring
 _ = PluginInternationalization('Misc')
 
+class RegexpTimeout(Exception):
+    pass
+
 class Misc(callbacks.Plugin):
     def __init__(self, irc):
         self.__parent = super(Misc, self)
@@ -332,10 +335,14 @@ def f(m, arg=arg):
                 predicates.setdefault('without', []).append(f)
             elif option == 'regexp':
                 def f(m, arg=arg):
+                    startedOn = time.time()
                     if ircmsgs.isAction(m):
-                        return arg.search(ircmsgs.unAction(m))
+                        return_ = arg.search(ircmsgs.unAction(m))
                     else:
-                        return arg.search(m.args[1])
+                        return_ = arg.search(m.args[1])
+                    if startedOn + 0.0001 < time.time():
+                        raise RegexpTimeout()
+                    return return_
                 predicates.setdefault('regexp', []).append(f)
             elif option == 'nolimit':
                 nolimit = True
@@ -370,8 +377,12 @@ def notSecretMsg(m):
             showNick = True
         for m in iterable:
             for predicate in predicates:
-                if not predicate(m):
-                    break
+                try:
+                    if not predicate(m):
+                        break
+                except RegexpTimeout:
+                    irc.error(_('The regular expression timed out.'))
+                    return
             else:
                 if nolimit:
                     resp.append(ircmsgs.prettyPrint(m,

src/version.py

@@ -1,3 +1,3 @@
 """stick the various versioning attributes in here, so we only have to change
 them once."""
-version = '0.83.4.1+limnoria (2011-08-12T13:07:40+0200)'
+version = '0.83.4.1+limnoria (2011-08-12T18:51:40+0200)'