New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle utf8 decoding errors #1076

Merged
merged 3 commits into from Apr 17, 2018

Conversation

Projects
None yet
3 participants
@jh0ker
Member

jh0ker commented Apr 15, 2018

As pointed out in #1072, malicious clients can send arbitrary callback_data in callback queries, even bytes that can't be decoded using the utf-8 codec. This would bring the whole bot to a halt.

@jh0ker jh0ker added the bug 🐛 label Apr 15, 2018

@tsnoam

tsnoam approved these changes Apr 16, 2018

@tsnoam tsnoam merged commit b77b329 into master Apr 17, 2018

3 of 5 checks passed

codecov/patch 75% of diff hit (target 92.43%)
Details
codecov/project 92.39% (-0.05%) compared to 712baf0
Details
Hound No violations found. Woof!
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@jsmnbom jsmnbom deleted the malicious-callback-data branch Sep 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment