From 54602f1cbf740140efc543d678493c73233583b2 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 7 Jan 2014 16:02:27 +0000
Subject: [PATCH] Add `strict_protocol_headers` option for rspamc protocol.

If this option is specified then unknown headers are treated as errors
otherwise they are just ignored. This option is `false` by default meaning
that unknown headers are ignored.
---
 src/cfg_file.h |  1 +
 src/cfg_rcl.c  |  2 ++
 src/protocol.c | 22 +++++++++++++---------
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/cfg_file.h b/src/cfg_file.h
index 41c37bd34..55ced8456 100644
--- a/src/cfg_file.h
+++ b/src/cfg_file.h
@@ -292,6 +292,7 @@ struct config_file {
 	gboolean one_shot_mode;							/**< rules add only one symbol							*/
 	gboolean check_text_attachements;				/**< check text attachements as text					*/
 	gboolean convert_config;						/**< convert config to XML format						*/
+	gboolean strict_protocol_headers;				/**< strictly check protocol headers					*/
 
 	gsize max_diff;									/**< maximum diff size for text parts					*/
 
diff --git a/src/cfg_rcl.c b/src/cfg_rcl.c
index e8cb66800..188bd3315 100644
--- a/src/cfg_rcl.c
+++ b/src/cfg_rcl.c
@@ -1063,6 +1063,8 @@ rspamd_rcl_config_init (void)
 			G_STRUCT_OFFSET (struct config_file, history_file), RSPAMD_CL_FLAG_STRING_PATH);
 	rspamd_rcl_add_default_handler (sub, "use_mlock", rspamd_rcl_parse_struct_boolean,
 			G_STRUCT_OFFSET (struct config_file, mlock_statfile_pool), 0);
+	rspamd_rcl_add_default_handler (sub, "strict_protocol_headers", rspamd_rcl_parse_struct_boolean,
+			G_STRUCT_OFFSET (struct config_file, strict_protocol_headers), 0);
 
 	/**
 	 * Metric section
diff --git a/src/protocol.c b/src/protocol.c
index 6cb0ce677..07d7072ab 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -488,7 +488,7 @@ parse_header (struct worker_task *task, f_str_t * line)
 		}
 		else {
 			msg_info ("wrong header: %s", headern);
-			return FALSE;
+			res = FALSE;
 		}
 		break;
 	case 'd':
@@ -583,7 +583,7 @@ parse_header (struct worker_task *task, f_str_t * line)
 					task->from_addr.ipv6 = TRUE;
 				}
 				else {
-					msg_info ("bad ip header: '%s'", tmp);
+					msg_err ("bad ip header: '%s'", tmp);
 					return FALSE;
 				}
 				task->from_addr.has_addr = TRUE;
@@ -595,7 +595,7 @@ parse_header (struct worker_task *task, f_str_t * line)
 						task->from_addr.ipv6 = TRUE;
 					}
 					else {
-						msg_info ("bad ip header: '%s'", tmp);
+						msg_err ("bad ip header: '%s'", tmp);
 						return FALSE;
 					}
 				}
@@ -606,7 +606,7 @@ parse_header (struct worker_task *task, f_str_t * line)
 			}
 #else
 			if (!inet_aton (tmp, &task->from_addr)) {
-				msg_info ("bad ip header: '%s'", tmp);
+				msg_err ("bad ip header: '%s'", tmp);
 				return FALSE;
 			}
 #endif
@@ -652,13 +652,17 @@ parse_header (struct worker_task *task, f_str_t * line)
 		}
 		break;
 	default:
-		if (!task->is_http) {
-			msg_info ("wrong header: %s", headern);
-			res = FALSE;
-		}
+		msg_info ("wrong header: %s", headern);
+		res = FALSE;
+		break;
 	}
 
-	return res || task->is_http;
+	if (!res && task->cfg->strict_protocol_headers) {
+		msg_err ("deny processing of a request with incorrect or unknown headers");
+		return FALSE;
+	}
+
+	return TRUE;
 }
 
 gboolean
-- 
2.39.5