summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2014-01-07 16:02:27 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2014-01-07 16:02:27 +0000
commit54602f1cbf740140efc543d678493c73233583b2 (patch)
treef4dbd45fd6d8c49c08def4c65613e52c99ca1bc2
parent3b6242b776470ab17be284c5d0ce74101f081c09 (diff)
downloadrspamd-54602f1cbf740140efc543d678493c73233583b2.tar.gz
rspamd-54602f1cbf740140efc543d678493c73233583b2.zip
Add `strict_protocol_headers` option for rspamc protocol.
If this option is specified then unknown headers are treated as errors otherwise they are just ignored. This option is `false` by default meaning that unknown headers are ignored.
-rw-r--r--src/cfg_file.h1
-rw-r--r--src/cfg_rcl.c2
-rw-r--r--src/protocol.c22
3 files changed, 16 insertions, 9 deletions
diff --git a/src/cfg_file.h b/src/cfg_file.h
index 41c37bd34..55ced8456 100644
--- a/src/cfg_file.h
+++ b/src/cfg_file.h
@@ -292,6 +292,7 @@ struct config_file {
gboolean one_shot_mode; /**< rules add only one symbol */
gboolean check_text_attachements; /**< check text attachements as text */
gboolean convert_config; /**< convert config to XML format */
+ gboolean strict_protocol_headers; /**< strictly check protocol headers */
gsize max_diff; /**< maximum diff size for text parts */
diff --git a/src/cfg_rcl.c b/src/cfg_rcl.c
index e8cb66800..188bd3315 100644
--- a/src/cfg_rcl.c
+++ b/src/cfg_rcl.c
@@ -1063,6 +1063,8 @@ rspamd_rcl_config_init (void)
G_STRUCT_OFFSET (struct config_file, history_file), RSPAMD_CL_FLAG_STRING_PATH);
rspamd_rcl_add_default_handler (sub, "use_mlock", rspamd_rcl_parse_struct_boolean,
G_STRUCT_OFFSET (struct config_file, mlock_statfile_pool), 0);
+ rspamd_rcl_add_default_handler (sub, "strict_protocol_headers", rspamd_rcl_parse_struct_boolean,
+ G_STRUCT_OFFSET (struct config_file, strict_protocol_headers), 0);
/**
* Metric section
diff --git a/src/protocol.c b/src/protocol.c
index 6cb0ce677..07d7072ab 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -488,7 +488,7 @@ parse_header (struct worker_task *task, f_str_t * line)
}
else {
msg_info ("wrong header: %s", headern);
- return FALSE;
+ res = FALSE;
}
break;
case 'd':
@@ -583,7 +583,7 @@ parse_header (struct worker_task *task, f_str_t * line)
task->from_addr.ipv6 = TRUE;
}
else {
- msg_info ("bad ip header: '%s'", tmp);
+ msg_err ("bad ip header: '%s'", tmp);
return FALSE;
}
task->from_addr.has_addr = TRUE;
@@ -595,7 +595,7 @@ parse_header (struct worker_task *task, f_str_t * line)
task->from_addr.ipv6 = TRUE;
}
else {
- msg_info ("bad ip header: '%s'", tmp);
+ msg_err ("bad ip header: '%s'", tmp);
return FALSE;
}
}
@@ -606,7 +606,7 @@ parse_header (struct worker_task *task, f_str_t * line)
}
#else
if (!inet_aton (tmp, &task->from_addr)) {
- msg_info ("bad ip header: '%s'", tmp);
+ msg_err ("bad ip header: '%s'", tmp);
return FALSE;
}
#endif
@@ -652,13 +652,17 @@ parse_header (struct worker_task *task, f_str_t * line)
}
break;
default:
- if (!task->is_http) {
- msg_info ("wrong header: %s", headern);
- res = FALSE;
- }
+ msg_info ("wrong header: %s", headern);
+ res = FALSE;
+ break;
}
- return res || task->is_http;
+ if (!res && task->cfg->strict_protocol_headers) {
+ msg_err ("deny processing of a request with incorrect or unknown headers");
+ return FALSE;
+ }
+
+ return TRUE;
}
gboolean