[Fix] Add another safe-guard in urls processing

diff --git a/src/libserver/url.c b/src/libserver/url.c
index 90398ad6ba52e6bfed24a023e121ba816b81d4fd..39b64abd3161389cfc6a224f7368903ff129d2bd 100644 (file)
--- a/src/libserver/url.c
+++ b/src/libserver/url.c
@@ -2915,8 +2915,10 @@ rspamd_url_trie_generic_callback_common (struct rspamd_multipattern *mp,
                        }
 
                        if (cb->func) {
-                               cb->func (url, cb->start - text, (m.m_begin + m.m_len) - text,
-                                               cb->funcd);
+                               if (!cb->func (url, cb->start - text, (m.m_begin + m.m_len) - text,
+                                               cb->funcd)) {
+                                       return FALSE;
+                               }
                        }
                }
                else if (rc != URI_ERRNO_OK) {
@@ -2962,9 +2964,10 @@ rspamd_url_trie_generic_callback_single (struct rspamd_multipattern *mp,
 struct rspamd_url_mimepart_cbdata {
        struct rspamd_task *task;
        struct rspamd_mime_text_part *part;
+       gsize url_len;
 };
 
-static void
+static gboolean
 rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
                gsize end_offset, gpointer ud)
 {
@@ -2985,6 +2988,17 @@ rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
        ex->type = RSPAMD_EXCEPTION_URL;
        ex->ptr = url;
 
+       cbd->url_len += ex->len;
+
+       if (cbd->part->utf_stripped_content &&
+                       cbd->url_len > cbd->part->utf_stripped_content->len * 10) {
+               /* Absurdic case, stop here now */
+               msg_err_task ("part has too many URLs, we cannot process more: %z",
+                               cbd->url_len);
+
+               return FALSE;
+       }
+
        if (url->protocol == PROTOCOL_MAILTO) {
                if (url->userlen > 0) {
                        target_tbl = MESSAGE_FIELD (task, emails);
@@ -3014,7 +3028,6 @@ rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
        if (url->querylen > 0) {
                if (rspamd_url_find (task->task_pool, url->query, url->querylen,
                                &url_str, RSPAMD_URL_FIND_ALL, NULL, &prefix_added)) {
-
                        query_url = rspamd_mempool_alloc0 (task->task_pool,
                                        sizeof (struct rspamd_url));
                        rc = rspamd_url_parse (query_url,
@@ -3053,6 +3066,8 @@ rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
                        }
                }
        }
+
+       return TRUE;
 }
 
 void
@@ -3070,6 +3085,7 @@ rspamd_url_text_extract (rspamd_mempool_t *pool,
 
        mcbd.task = task;
        mcbd.part = part;
+       mcbd.url_len = 0;
 
        rspamd_url_find_multiple (task->task_pool, part->utf_stripped_content->data,
                        part->utf_stripped_content->len, how, part->newlines,
@@ -3139,7 +3155,7 @@ rspamd_url_find_single (rspamd_mempool_t *pool,
 }
 
 
-void
+gboolean
 rspamd_url_task_subject_callback (struct rspamd_url *url, gsize start_offset,
                gsize end_offset, gpointer ud)
 {
@@ -3208,6 +3224,8 @@ rspamd_url_task_subject_callback (struct rspamd_url *url, gsize start_offset,
                        }
                }
        }
+
+       return TRUE;
 }
 
 guint

diff --git a/src/libserver/url.h b/src/libserver/url.h
index 83a2a7f1789eb82b37b3497ffbf86c71f0cf0cb8..53c4abbebec7ef901c5823ff2b55914850089b63 100644 (file)
--- a/src/libserver/url.h
+++ b/src/libserver/url.h
@@ -167,7 +167,7 @@ const gchar *rspamd_url_strerror (int err);
  */
 gboolean rspamd_url_find_tld (const gchar *in, gsize inlen, rspamd_ftok_t *out);
 
-typedef void (*url_insert_function) (struct rspamd_url *url,
+typedef gboolean (*url_insert_function) (struct rspamd_url *url,
                                                                         gsize start_offset, gsize end_offset, void *ud);
 
 /**
@@ -208,7 +208,7 @@ void rspamd_url_find_single (rspamd_mempool_t *pool,
  * @param end_offset
  * @param ud
  */
-void rspamd_url_task_subject_callback (struct rspamd_url *url,
+gboolean rspamd_url_task_subject_callback (struct rspamd_url *url,
                                                                           gsize start_offset,
                                                                           gsize end_offset, gpointer ud);
 

diff --git a/src/lua/lua_url.c b/src/lua/lua_url.c
index 8742a6027738d9c9013243f131b2f4d605e4fc55..d21ab727f0f58f87c369ec1250d4a5ac4846cb3d 100644 (file)
--- a/src/lua/lua_url.c
+++ b/src/lua/lua_url.c
@@ -110,7 +110,7 @@ lua_check_url (lua_State * L, gint pos)
        return ud ? ((struct rspamd_lua_url *)ud) : NULL;
 }
 
-static void
+static gboolean
 lua_url_single_inserter (struct rspamd_url *url, gsize start_offset,
                                                 gsize end_offset, gpointer ud)
 {
@@ -120,6 +120,8 @@ lua_url_single_inserter (struct rspamd_url *url, gsize start_offset,
        lua_url = lua_newuserdata (L, sizeof (struct rspamd_lua_url));
        rspamd_lua_setclass (L, "rspamd{url}", -1);
        lua_url->url = url;
+
+       return TRUE;
 }
 
 /***
@@ -770,7 +772,7 @@ lua_url_init (lua_State *L)
        return 0;
 }
 
-static void
+static gboolean
 lua_url_table_inserter (struct rspamd_url *url, gsize start_offset,
                gsize end_offset, gpointer ud)
 {
@@ -785,6 +787,8 @@ lua_url_table_inserter (struct rspamd_url *url, gsize start_offset,
        lua_pushinteger (L, n + 1);
        lua_pushlstring (L, url->string, url->urllen);
        lua_settable (L, -3);
+
+       return TRUE;
 }