[Fix] Fix DoS caused by bug in glib

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2019-05-08 14:49:05 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2019-05-08 14:49:05 +0100
commit: 8d2e971635ba10355edbd5309c1376a7ad31e2f0 (patch)
tree: 0bb2b0019567922ca5bafb083c7684cf44425b92 /src/libstat
parent: 2e68c548f43ebc987a8ee420499be480e71ace03 (diff)
download: rspamd-8d2e971635ba10355edbd5309c1376a7ad31e2f0.tar.gz
rspamd-8d2e971635ba10355edbd5309c1376a7ad31e2f0.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libstat/tokenizers/tokenizers.c b/src/libstat/tokenizers/tokenizers.c
index b6061ce3b..f69378f9b 100644
--- a/src/libstat/tokenizers/tokenizers.c
+++ b/src/libstat/tokenizers/tokenizers.c
@@ -482,6 +482,13 @@ start_over:
 			}
 
 			if (token.original.len > 0) {
+				if (((gsize)res->len) * sizeof (token) > (0x1ull << 30u)) {
+					/* Due to bug in glib ! */
+					msg_err ("too many words found: %d, stop tokenization to avoid DoS",
+							res->len);
+
+					goto end;
+				}
 				g_array_append_val (res, token);
 			}
 
@@ -490,6 +497,7 @@ start_over:
 		}
 	}
 
+end:
 	if (!decay) {
 		hv = mum_hash_finish (hv);
 	}
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2019-05-08 14:49:05 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2019-05-08 14:49:05 +0100
commit	8d2e971635ba10355edbd5309c1376a7ad31e2f0 (patch)
tree	0bb2b0019567922ca5bafb083c7684cf44425b92 /src/libstat
parent	2e68c548f43ebc987a8ee420499be480e71ace03 (diff)
download	rspamd-8d2e971635ba10355edbd5309c1376a7ad31e2f0.tar.gz rspamd-8d2e971635ba10355edbd5309c1376a7ad31e2f0.zip