commit 8d2e971: [Fix] Fix DoS caused by bug in glib
Vsevolod Stakhov
vsevolod at highsecure.ru
Wed May 8 13:56:03 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-05-08 14:49:05 +0100
URL: https://github.com/rspamd/rspamd/commit/8d2e971635ba10355edbd5309c1376a7ad31e2f0 (HEAD -> master)
[Fix] Fix DoS caused by bug in glib
---
src/libstat/tokenizers/tokenizers.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/libstat/tokenizers/tokenizers.c b/src/libstat/tokenizers/tokenizers.c
index b6061ce3b..f69378f9b 100644
--- a/src/libstat/tokenizers/tokenizers.c
+++ b/src/libstat/tokenizers/tokenizers.c
@@ -482,6 +482,13 @@ start_over:
}
if (token.original.len > 0) {
+ if (((gsize)res->len) * sizeof (token) > (0x1ull << 30u)) {
+ /* Due to bug in glib ! */
+ msg_err ("too many words found: %d, stop tokenization to avoid DoS",
+ res->len);
+
+ goto end;
+ }
g_array_append_val (res, token);
}
@@ -490,6 +497,7 @@ start_over:
}
}
+end:
if (!decay) {
hv = mum_hash_finish (hv);
}
More information about the Commits
mailing list