aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/main.h1
-rw-r--r--src/message.c22
2 files changed, 20 insertions, 3 deletions
diff --git a/src/main.h b/src/main.h
index 79568c258..e87b4efde 100644
--- a/src/main.h
+++ b/src/main.h
@@ -192,6 +192,7 @@ struct worker_task {
struct timespec ts; /**< time of connection */
struct rspamd_view *view; /**< matching view */
gboolean view_checked;
+ uint32_t parser_recursion; /**< for avoiding recursion stack overflow */
};
/**
diff --git a/src/message.c b/src/message.c
index f3d8360c2..cc9da181c 100644
--- a/src/message.c
+++ b/src/message.c
@@ -30,6 +30,8 @@
#include "html.h"
#include "modules.h"
+#define RECURSION_LIMIT 30
+
GByteArray*
strip_html_tags (struct worker_task *task, memory_pool_t *pool, struct mime_text_part *part, GByteArray *src, int *stateptr)
{
@@ -582,11 +584,17 @@ mime_foreach_callback (GMimeObject *part, gpointer user_data)
g_mime_message_foreach_part() again here. */
message = g_mime_message_part_get_message ((GMimeMessagePart *) part);
+ if (task->parser_recursion++ < RECURSION_LIMIT) {
#ifdef GMIME24
- g_mime_message_foreach (message, mime_foreach_callback, task);
+ g_mime_message_foreach (message, mime_foreach_callback, task);
#else
- g_mime_message_foreach_part (message, mime_foreach_callback, task);
+ g_mime_message_foreach_part (message, mime_foreach_callback, task);
#endif
+ }
+ else {
+ msg_err ("mime_foreach_callback: endless recursion detected: %d", task->parser_recursion);
+ return;
+ }
g_object_unref (message);
} else if (GMIME_IS_MESSAGE_PARTIAL (part)) {
/* message/partial */
@@ -601,6 +609,13 @@ mime_foreach_callback (GMimeObject *part, gpointer user_data)
/* multipart/mixed, multipart/alternative, multipart/related, multipart/signed, multipart/encrypted, etc... */
/* we'll get to finding out if this is a signed/encrypted multipart later... */
+ if (task->parser_recursion++ < RECURSION_LIMIT) {
+ g_mime_multipart_foreach ((GMimeMultipart *) part, mime_foreach_callback, task);
+ }
+ else {
+ msg_err ("mime_foreach_callback: endless recursion detected: %d", task->parser_recursion);
+ return;
+ }
} else if (GMIME_IS_PART (part)) {
/* a normal leaf part, could be text/plain or image/jpeg etc */
#ifdef GMIME24
@@ -687,7 +702,8 @@ process_message (struct worker_task *task)
task->message = message;
memory_pool_add_destructor (task->task_pool, (pool_destruct_func)destroy_message, task->message);
-
+
+ task->parser_recursion = 0;
#ifdef GMIME24
g_mime_message_foreach (message, mime_foreach_callback, task);
#else