diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-12-13 15:10:01 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-12-13 15:10:23 +0000 |
commit | 545463577aabc27c755db78a8ad5f931b9f3fc88 (patch) | |
tree | ddbe71c129ae6f934d30674d1258cc5c8394c97c | |
parent | da195bf5f1bf1e363d3bffdbf94bde32f9c5f60a (diff) | |
download | rspamd-545463577aabc27c755db78a8ad5f931b9f3fc88.tar.gz rspamd-545463577aabc27c755db78a8ad5f931b9f3fc88.zip |
[Fix] Limit size of symbols options by max_opts_len option
-rw-r--r-- | src/libmime/scan_result.c | 20 | ||||
-rw-r--r-- | src/libmime/scan_result.h | 1 | ||||
-rw-r--r-- | src/libserver/cfg_file.h | 1 | ||||
-rw-r--r-- | src/libserver/cfg_rcl.c | 6 | ||||
-rw-r--r-- | src/libserver/cfg_utils.c | 1 |
5 files changed, 29 insertions, 0 deletions
diff --git a/src/libmime/scan_result.c b/src/libmime/scan_result.c index c7c2647d2..5ded3ac57 100644 --- a/src/libmime/scan_result.c +++ b/src/libmime/scan_result.c @@ -523,12 +523,28 @@ rspamd_task_add_result_option (struct rspamd_task *task, gint r; if (s && val) { + if (s->opts_len < 0) { + /* Cannot add more options, give up */ + msg_debug_task ("cannot add more options to symbol %s when adding option %s", + s->name, val); + return FALSE; + } + if (!s->options) { s->options = kh_init (rspamd_options_hash); } vlen = strlen (val); + if (vlen + s->opts_len > task->cfg->max_opts_len) { + /* Add truncated option */ + msg_info_task ("cannot add more options to symbol %s when adding option %s", + s->name, val); + val = "..."; + vlen = 3; + s->opts_len = -1; + } + if (rspamd_fast_utf8_validate (val, vlen) != 0) { opt_cpy = rspamd_str_make_utf_valid (val, vlen, &vlen, task->task_pool); @@ -571,6 +587,10 @@ rspamd_task_add_result_option (struct rspamd_task *task, ret = TRUE; } + + if (ret && s->opts_len >= 0) { + s->opts_len += vlen; + } } else if (!val) { ret = TRUE; diff --git a/src/libmime/scan_result.h b/src/libmime/scan_result.h index b5f76baf7..3b222fffb 100644 --- a/src/libmime/scan_result.h +++ b/src/libmime/scan_result.h @@ -39,6 +39,7 @@ struct rspamd_symbol_result { struct rspamd_symbol_option *opts_head; /**< head of linked list of options */ const gchar *name; struct rspamd_symbol *sym; /**< symbol configuration */ + gssize opts_len; /**< total size of all options (negative if truncated option is added) */ guint nshots; enum rspamd_symbol_result_flags flags; }; diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h index 8e1ce2c42..de6f37766 100644 --- a/src/libserver/cfg_file.h +++ b/src/libserver/cfg_file.h @@ -470,6 +470,7 @@ struct rspamd_config { guint full_gc_iters; /**< iterations between full gc cycle */ guint max_lua_urls; /**< maximum number of urls to be passed to Lua */ guint max_blas_threads; /**< maximum threads for openblas when learning ANN */ + guint max_opts_len; /**< maximum length for all options for a symbol */ GList *classify_headers; /**< list of headers using for statistics */ struct module_s **compiled_modules; /**< list of compiled C modules */ diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c index 01b0c43ea..817f7efc5 100644 --- a/src/libserver/cfg_rcl.c +++ b/src/libserver/cfg_rcl.c @@ -2229,6 +2229,12 @@ rspamd_rcl_config_init (struct rspamd_config *cfg, GHashTable *skip_sections) RSPAMD_CL_FLAG_INT_32, "Maximum number of Blas threads for learning neural networks (default: 1)"); rspamd_rcl_add_default_handler (sub, + "max_opts_len", + rspamd_rcl_parse_struct_integer, + G_STRUCT_OFFSET (struct rspamd_config, max_opts_len), + RSPAMD_CL_FLAG_INT_32, + "Maximum size of all options for a single symbol (default: 4096)"); + rspamd_rcl_add_default_handler (sub, "events_backend", rspamd_rcl_parse_struct_string, G_STRUCT_OFFSET (struct rspamd_config, events_backend), diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c index 76731eec4..ca5c71ea9 100644 --- a/src/libserver/cfg_utils.c +++ b/src/libserver/cfg_utils.c @@ -197,6 +197,7 @@ rspamd_config_new (enum rspamd_config_init_flags flags) cfg->cache_reload_time = 30.0; cfg->max_lua_urls = 1024; cfg->max_blas_threads = 1; + cfg->max_opts_len = 4096; /* Default log line */ cfg->log_format_str = "id: <$mid>,$if_qid{ qid: <$>,}$if_ip{ ip: $,}" |