[Minor] Do not process large invalid zip archives

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-02-22 16:47:58 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-02-22 16:47:58 +0000
commit: e9df5fc9c75ebc8bdd352e94101e6103c90972a7 (patch)
tree: 0505ba0349b3247bc0ce234a9abeccb49dcb45cb /src
parent: 8c60c92bb97e9904164f5edafe32fd2a66789624 (diff)
download: rspamd-e9df5fc9c75ebc8bdd352e94101e6103c90972a7.tar.gz
rspamd-e9df5fc9c75ebc8bdd352e94101e6103c90972a7.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libmime/archives.c b/src/libmime/archives.c
index 4187e86fa..d714335fd 100644
--- a/src/libmime/archives.c
+++ b/src/libmime/archives.c
@@ -46,7 +46,8 @@ rspamd_archive_process_zip (struct rspamd_task *task,
 	const guchar *p, *start, *end, *eocd = NULL, *cd;
 	const guint32 eocd_magic = 0x06054b50, cd_basic_len = 46;
 	const guchar cd_magic[] = {0x50, 0x4b, 0x01, 0x02};
-	guint32 cd_offset, cd_size, comp_size, uncomp_size;
+	const guint max_processed = 1024;
+	guint32 cd_offset, cd_size, comp_size, uncomp_size, processed = 0;
 	guint16 extra_len, fname_len, comment_len;
 	struct rspamd_archive *arch;
 	struct rspamd_archive_file *f;
@@ -65,6 +66,10 @@ rspamd_archive_process_zip (struct rspamd_task *task,
 	while (p > start + sizeof (guint32)) {
 		guint32 t;
 
+		if (processed > max_processed) {
+			break;
+		}
+
 		/* XXX: not an efficient approach */
 		memcpy (&t, p, sizeof (t));
 
@@ -74,6 +79,7 @@ rspamd_archive_process_zip (struct rspamd_task *task,
 		}
 
 		p --;
+		processed ++;
 	}
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-02-22 16:47:58 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-02-22 16:47:58 +0000
commit	e9df5fc9c75ebc8bdd352e94101e6103c90972a7 (patch)
tree	0505ba0349b3247bc0ce234a9abeccb49dcb45cb /src
parent	8c60c92bb97e9904164f5edafe32fd2a66789624 (diff)
download	rspamd-e9df5fc9c75ebc8bdd352e94101e6103c90972a7.tar.gz rspamd-e9df5fc9c75ebc8bdd352e94101e6103c90972a7.zip