From 545463577aabc27c755db78a8ad5f931b9f3fc88 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 13 Dec 2019 15:10:01 +0000
Subject: [PATCH] [Fix] Limit size of symbols options by max_opts_len option

---
 src/libmime/scan_result.c | 20 ++++++++++++++++++++
 src/libmime/scan_result.h |  1 +
 src/libserver/cfg_file.h  |  1 +
 src/libserver/cfg_rcl.c   |  6 ++++++
 src/libserver/cfg_utils.c |  1 +
 5 files changed, 29 insertions(+)

diff --git a/src/libmime/scan_result.c b/src/libmime/scan_result.c
index c7c2647d2..5ded3ac57 100644
--- a/src/libmime/scan_result.c
+++ b/src/libmime/scan_result.c
@@ -523,12 +523,28 @@ rspamd_task_add_result_option (struct rspamd_task *task,
 	gint r;
 
 	if (s && val) {
+		if (s->opts_len < 0) {
+			/* Cannot add more options, give up */
+			msg_debug_task ("cannot add more options to symbol %s when adding option %s",
+					s->name, val);
+			return FALSE;
+		}
+
 		if (!s->options) {
 			s->options = kh_init (rspamd_options_hash);
 		}
 
 		vlen = strlen (val);
 
+		if (vlen + s->opts_len > task->cfg->max_opts_len) {
+			/* Add truncated option */
+			msg_info_task ("cannot add more options to symbol %s when adding option %s",
+					s->name, val);
+			val = "...";
+			vlen = 3;
+			s->opts_len = -1;
+		}
+
 		if (rspamd_fast_utf8_validate (val, vlen) != 0) {
 			opt_cpy = rspamd_str_make_utf_valid (val, vlen, &vlen,
 					task->task_pool);
@@ -571,6 +587,10 @@ rspamd_task_add_result_option (struct rspamd_task *task,
 
 			ret = TRUE;
 		}
+
+		if (ret && s->opts_len >= 0) {
+			s->opts_len += vlen;
+		}
 	}
 	else if (!val) {
 		ret = TRUE;
diff --git a/src/libmime/scan_result.h b/src/libmime/scan_result.h
index b5f76baf7..3b222fffb 100644
--- a/src/libmime/scan_result.h
+++ b/src/libmime/scan_result.h
@@ -39,6 +39,7 @@ struct rspamd_symbol_result {
 	struct rspamd_symbol_option *opts_head;        /**< head of linked list of options			*/
 	const gchar *name;
 	struct rspamd_symbol *sym;                     /**< symbol configuration					*/
+	gssize opts_len; /**< total size of all options (negative if truncated option is added) */
 	guint nshots;
 	enum rspamd_symbol_result_flags flags;
 };
diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h
index 8e1ce2c42..de6f37766 100644
--- a/src/libserver/cfg_file.h
+++ b/src/libserver/cfg_file.h
@@ -470,6 +470,7 @@ struct rspamd_config {
 	guint full_gc_iters;                            /**< iterations between full gc cycle					*/
 	guint max_lua_urls;                             /**< maximum number of urls to be passed to Lua			*/
 	guint max_blas_threads;                         /**< maximum threads for openblas when learning ANN		*/
+	guint max_opts_len;                             /**< maximum length for all options for a symbol		*/
 
 	GList *classify_headers;                        /**< list of headers using for statistics				*/
 	struct module_s **compiled_modules;                /**< list of compiled C modules							*/
diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c
index 01b0c43ea..817f7efc5 100644
--- a/src/libserver/cfg_rcl.c
+++ b/src/libserver/cfg_rcl.c
@@ -2228,6 +2228,12 @@ rspamd_rcl_config_init (struct rspamd_config *cfg, GHashTable *skip_sections)
 				G_STRUCT_OFFSET (struct rspamd_config, max_blas_threads),
 				RSPAMD_CL_FLAG_INT_32,
 				"Maximum number of Blas threads for learning neural networks (default: 1)");
+		rspamd_rcl_add_default_handler (sub,
+				"max_opts_len",
+				rspamd_rcl_parse_struct_integer,
+				G_STRUCT_OFFSET (struct rspamd_config, max_opts_len),
+				RSPAMD_CL_FLAG_INT_32,
+				"Maximum size of all options for a single symbol (default: 4096)");
 		rspamd_rcl_add_default_handler (sub,
 				"events_backend",
 				rspamd_rcl_parse_struct_string,
diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c
index 76731eec4..ca5c71ea9 100644
--- a/src/libserver/cfg_utils.c
+++ b/src/libserver/cfg_utils.c
@@ -197,6 +197,7 @@ rspamd_config_new (enum rspamd_config_init_flags flags)
 	cfg->cache_reload_time = 30.0;
 	cfg->max_lua_urls = 1024;
 	cfg->max_blas_threads = 1;
+	cfg->max_opts_len = 4096;
 
 	/* Default log line */
 	cfg->log_format_str = "id: <$mid>,$if_qid{ qid: <$>,}$if_ip{ ip: $,}"
-- 
2.39.5