diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2014-01-07 16:02:27 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2014-01-07 16:02:27 +0000 |
commit | 54602f1cbf740140efc543d678493c73233583b2 (patch) | |
tree | f4dbd45fd6d8c49c08def4c65613e52c99ca1bc2 | |
parent | 3b6242b776470ab17be284c5d0ce74101f081c09 (diff) | |
download | rspamd-54602f1cbf740140efc543d678493c73233583b2.tar.gz rspamd-54602f1cbf740140efc543d678493c73233583b2.zip |
Add `strict_protocol_headers` option for rspamc protocol.
If this option is specified then unknown headers are treated as errors
otherwise they are just ignored. This option is `false` by default meaning
that unknown headers are ignored.
-rw-r--r-- | src/cfg_file.h | 1 | ||||
-rw-r--r-- | src/cfg_rcl.c | 2 | ||||
-rw-r--r-- | src/protocol.c | 22 |
3 files changed, 16 insertions, 9 deletions
diff --git a/src/cfg_file.h b/src/cfg_file.h index 41c37bd34..55ced8456 100644 --- a/src/cfg_file.h +++ b/src/cfg_file.h @@ -292,6 +292,7 @@ struct config_file { gboolean one_shot_mode; /**< rules add only one symbol */ gboolean check_text_attachements; /**< check text attachements as text */ gboolean convert_config; /**< convert config to XML format */ + gboolean strict_protocol_headers; /**< strictly check protocol headers */ gsize max_diff; /**< maximum diff size for text parts */ diff --git a/src/cfg_rcl.c b/src/cfg_rcl.c index e8cb66800..188bd3315 100644 --- a/src/cfg_rcl.c +++ b/src/cfg_rcl.c @@ -1063,6 +1063,8 @@ rspamd_rcl_config_init (void) G_STRUCT_OFFSET (struct config_file, history_file), RSPAMD_CL_FLAG_STRING_PATH); rspamd_rcl_add_default_handler (sub, "use_mlock", rspamd_rcl_parse_struct_boolean, G_STRUCT_OFFSET (struct config_file, mlock_statfile_pool), 0); + rspamd_rcl_add_default_handler (sub, "strict_protocol_headers", rspamd_rcl_parse_struct_boolean, + G_STRUCT_OFFSET (struct config_file, strict_protocol_headers), 0); /** * Metric section diff --git a/src/protocol.c b/src/protocol.c index 6cb0ce677..07d7072ab 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -488,7 +488,7 @@ parse_header (struct worker_task *task, f_str_t * line) } else { msg_info ("wrong header: %s", headern); - return FALSE; + res = FALSE; } break; case 'd': @@ -583,7 +583,7 @@ parse_header (struct worker_task *task, f_str_t * line) task->from_addr.ipv6 = TRUE; } else { - msg_info ("bad ip header: '%s'", tmp); + msg_err ("bad ip header: '%s'", tmp); return FALSE; } task->from_addr.has_addr = TRUE; @@ -595,7 +595,7 @@ parse_header (struct worker_task *task, f_str_t * line) task->from_addr.ipv6 = TRUE; } else { - msg_info ("bad ip header: '%s'", tmp); + msg_err ("bad ip header: '%s'", tmp); return FALSE; } } @@ -606,7 +606,7 @@ parse_header (struct worker_task *task, f_str_t * line) } #else if (!inet_aton (tmp, &task->from_addr)) { - msg_info ("bad ip header: '%s'", tmp); + msg_err ("bad ip header: '%s'", tmp); return FALSE; } #endif @@ -652,13 +652,17 @@ parse_header (struct worker_task *task, f_str_t * line) } break; default: - if (!task->is_http) { - msg_info ("wrong header: %s", headern); - res = FALSE; - } + msg_info ("wrong header: %s", headern); + res = FALSE; + break; } - return res || task->is_http; + if (!res && task->cfg->strict_protocol_headers) { + msg_err ("deny processing of a request with incorrect or unknown headers"); + return FALSE; + } + + return TRUE; } gboolean |