commit 9791674: [Fix] Set sanity limits for pcre2

Vsevolod Stakhov vsevolod at highsecure.ru
Wed Oct 9 12:28:06 UTC 2019


Author: Vsevolod Stakhov
Date: 2019-10-09 13:25:08 +0100
URL: https://github.com/rspamd/rspamd/commit/9791674f7f656703af74e45949f445c7b30c90d2 (HEAD -> master)

[Fix] Set sanity limits for pcre2

---
 src/libutil/regexp.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/libutil/regexp.c b/src/libutil/regexp.c
index 4ce9c4218..b7aae457e 100644
--- a/src/libutil/regexp.c
+++ b/src/libutil/regexp.c
@@ -158,13 +158,21 @@ rspamd_regexp_post_process (rspamd_regexp_t *r)
 	}
 #if defined(WITH_PCRE2)
 	gsize jsz;
+	static const guint max_recursion_depth = 100000, max_backtrack = 1000000;
+
 	guint jit_flags = can_jit ? PCRE2_JIT_COMPLETE : 0;
-	/* Create match context */
 
+	/* Create match context */
 	r->mcontext = pcre2_match_context_create (NULL);
+	g_assert (r->mcontext != NULL);
+	pcre2_set_depth_limit (r->mcontext, max_recursion_depth);
+	pcre2_set_match_limit (r->mcontext, max_backtrack);
 
 	if (r->re != r->raw_re) {
 		r->raw_mcontext = pcre2_match_context_create (NULL);
+		g_assert (r->raw_mcontext != NULL);
+		pcre2_set_depth_limit (r->raw_mcontext, max_recursion_depth);
+		pcre2_set_match_limit (r->raw_mcontext, max_backtrack);
 	}
 	else {
 		r->raw_mcontext = r->mcontext;


More information about the Commits mailing list