]> source.dussan.org Git - rspamd.git/commitdiff
projects / rspamd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: da195bf)
[Fix] Limit size of symbols options by max_opts_len option
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 13 Dec 2019 15:10:01 +0000 (15:10 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 13 Dec 2019 15:10:23 +0000 (15:10 +0000)
src/libmime/scan_result.c patch | blob | history
src/libmime/scan_result.h patch | blob | history
src/libserver/cfg_file.h patch | blob | history
src/libserver/cfg_rcl.c patch | blob | history
src/libserver/cfg_utils.c patch | blob | history

diff --git a/src/libmime/scan_result.c b/src/libmime/scan_result.c
index c7c2647d2edca7a1fd59dc7850973e2e3c014e47..5ded3ac57ab771374242c3d3292cd04467ee5095 100644 (file)
--- a/src/libmime/scan_result.c
+++ b/src/libmime/scan_result.c
@@ -523,12 +523,28 @@ rspamd_task_add_result_option (struct rspamd_task *task,
        gint r;
 
        if (s && val) {
+               if (s->opts_len < 0) {
+                       /* Cannot add more options, give up */
+                       msg_debug_task ("cannot add more options to symbol %s when adding option %s",
+                                       s->name, val);
+                       return FALSE;
+               }
+
                if (!s->options) {
                        s->options = kh_init (rspamd_options_hash);
                }
 
                vlen = strlen (val);
 
+               if (vlen + s->opts_len > task->cfg->max_opts_len) {
+                       /* Add truncated option */
+                       msg_info_task ("cannot add more options to symbol %s when adding option %s",
+                                       s->name, val);
+                       val = "...";
+                       vlen = 3;
+                       s->opts_len = -1;
+               }
+
                if (rspamd_fast_utf8_validate (val, vlen) != 0) {
                        opt_cpy = rspamd_str_make_utf_valid (val, vlen, &vlen,
                                        task->task_pool);
@@ -571,6 +587,10 @@ rspamd_task_add_result_option (struct rspamd_task *task,
 
                        ret = TRUE;
                }
+
+               if (ret && s->opts_len >= 0) {
+                       s->opts_len += vlen;
+               }
        }
        else if (!val) {
                ret = TRUE;
diff --git a/src/libmime/scan_result.h b/src/libmime/scan_result.h
index b5f76baf7c51d3027c8e2a3a86f1922d226b64e2..3b222fffbb4bab6480570650312073e0e76846cc 100644 (file)
--- a/src/libmime/scan_result.h
+++ b/src/libmime/scan_result.h
@@ -39,6 +39,7 @@ struct rspamd_symbol_result {
        struct rspamd_symbol_option *opts_head;        /**< head of linked list of options                      */
        const gchar *name;
        struct rspamd_symbol *sym;                     /**< symbol configuration                                        */
+       gssize opts_len; /**< total size of all options (negative if truncated option is added) */
        guint nshots;
        enum rspamd_symbol_result_flags flags;
 };
diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h
index 8e1ce2c42c84e427d741678eea251ab1bdc86862..de6f37766813e2d85540bbf6174bfb5f566d5110 100644 (file)
--- a/src/libserver/cfg_file.h
+++ b/src/libserver/cfg_file.h
@@ -470,6 +470,7 @@ struct rspamd_config {
        guint full_gc_iters;                            /**< iterations between full gc cycle                                   */
        guint max_lua_urls;                             /**< maximum number of urls to be passed to Lua                 */
        guint max_blas_threads;                         /**< maximum threads for openblas when learning ANN             */
+       guint max_opts_len;                             /**< maximum length for all options for a symbol                */
 
        GList *classify_headers;                        /**< list of headers using for statistics                               */
        struct module_s **compiled_modules;                /**< list of compiled C modules                                                      */
diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c
index 01b0c43eaacb87f27e0710e80349167308407a25..817f7efc50f0ae3daf59075e7a8d159628a49a83 100644 (file)
--- a/src/libserver/cfg_rcl.c
+++ b/src/libserver/cfg_rcl.c
@@ -2228,6 +2228,12 @@ rspamd_rcl_config_init (struct rspamd_config *cfg, GHashTable *skip_sections)
                                G_STRUCT_OFFSET (struct rspamd_config, max_blas_threads),
                                RSPAMD_CL_FLAG_INT_32,
                                "Maximum number of Blas threads for learning neural networks (default: 1)");
+               rspamd_rcl_add_default_handler (sub,
+                               "max_opts_len",
+                               rspamd_rcl_parse_struct_integer,
+                               G_STRUCT_OFFSET (struct rspamd_config, max_opts_len),
+                               RSPAMD_CL_FLAG_INT_32,
+                               "Maximum size of all options for a single symbol (default: 4096)");
                rspamd_rcl_add_default_handler (sub,
                                "events_backend",
                                rspamd_rcl_parse_struct_string,
diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c
index 76731eec453c7457bef6cbbf8082af3ebfc2e2d8..ca5c71ea96e5f470ee832036a0aefbad42466902 100644 (file)
--- a/src/libserver/cfg_utils.c
+++ b/src/libserver/cfg_utils.c
@@ -197,6 +197,7 @@ rspamd_config_new (enum rspamd_config_init_flags flags)
        cfg->cache_reload_time = 30.0;
        cfg->max_lua_urls = 1024;
        cfg->max_blas_threads = 1;
+       cfg->max_opts_len = 4096;
 
        /* Default log line */
        cfg->log_format_str = "id: <$mid>,$if_qid{ qid: <$>,}$if_ip{ ip: $,}"
Rapid spam filtering system: https://github.com/rspamd/rspamd