commit 5f40cc6: [Fix] Add another safe-guard in urls processing
Vsevolod Stakhov
vsevolod at highsecure.ru
Wed Oct 9 15:28:07 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-10-09 16:22:12 +0100
URL: https://github.com/rspamd/rspamd/commit/5f40cc6a64897da15bccefb746aea490ab55820c (HEAD -> master)
[Fix] Add another safe-guard in urls processing
---
src/libserver/url.c | 28 +++++++++++++++++++++++-----
src/libserver/url.h | 4 ++--
src/lua/lua_url.c | 8 ++++++--
3 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/src/libserver/url.c b/src/libserver/url.c
index 90398ad6b..39b64abd3 100644
--- a/src/libserver/url.c
+++ b/src/libserver/url.c
@@ -2915,8 +2915,10 @@ rspamd_url_trie_generic_callback_common (struct rspamd_multipattern *mp,
}
if (cb->func) {
- cb->func (url, cb->start - text, (m.m_begin + m.m_len) - text,
- cb->funcd);
+ if (!cb->func (url, cb->start - text, (m.m_begin + m.m_len) - text,
+ cb->funcd)) {
+ return FALSE;
+ }
}
}
else if (rc != URI_ERRNO_OK) {
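Review bot: The added `return FALSE;` may not stop the scan, because FALSE is 0 and a multipattern callback that treats a zero return as "keep matching" would carry on; the function's return type and signature are outside the hunk, so this needs checking. If that is the convention, `cb->func` keeps being called for every later match, and the limit added in rspamd_url_text_part_callback would log an error per URL instead of ending the work on an oversized part. Return the callback's explicit non-zero stop value here rather than a boolean, and state the intent in a comment such as `/* inserter asked to stop: abort the whole search */`.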
@@ -2962,9 +2964,10 @@ rspamd_url_trie_generic_callback_single (struct rspamd_multipattern *mp,
struct rspamd_url_mimepart_cbdata {
struct rspamd_task *task;
struct rspamd_mime_text_part *part;
+ gsize url_len;
};
-static void
+static gboolean
rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
gsize end_offset, gpointer ud)
{
@@ -2985,6 +2988,17 @@ rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
ex->type = RSPAMD_EXCEPTION_URL;
ex->ptr = url;
+ cbd->url_len += ex->len;
+
+ if (cbd->part->utf_stripped_content &&
+ cbd->url_len > cbd->part->utf_stripped_content->len * 10) {
+ /* Absurdic case, stop here now */
+ msg_err_task ("part has too many URLs, we cannot process more: %z",
+ cbd->url_len);
+
+ return FALSE;
+ }
+
if (url->protocol == PROTOCOL_MAILTO) {
if (url->userlen > 0) {
target_tbl = MESSAGE_FIELD (task, emails);
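Review bot: The bound `cbd->part->utf_stripped_content->len * 10` is an unexplained magic number, and the product is computed in gsize with no overflow check, so on a 32-bit build a very large part could wrap it and trip the limit early. A named constant with a comment explaining why the summed URL length can exceed the part length would make the threshold reviewable, and comparing by division avoids the wrap: `cbd->url_len / 10 > cbd->part->utf_stripped_content->len`. The exception `ex` is filled in before this check and its registration lies outside the hunk, so confirm that the early `return FALSE` does not leave a partly recorded entry behind. The guard is also skipped entirely when `utf_stripped_content` is NULL.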
@@ -3014,7 +3028,6 @@ rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
if (url->querylen > 0) {
if (rspamd_url_find (task->task_pool, url->query, url->querylen,
&url_str, RSPAMD_URL_FIND_ALL, NULL, &prefix_added)) {
-
query_url = rspamd_mempool_alloc0 (task->task_pool,
sizeof (struct rspamd_url));
rc = rspamd_url_parse (query_url,
@@ -3053,6 +3066,8 @@ rspamd_url_text_part_callback (struct rspamd_url *url, gsize start_offset,
}
}
}
+
+ return TRUE;
}
void
@@ -3070,6 +3085,7 @@ rspamd_url_text_extract (rspamd_mempool_t *pool,
mcbd.task = task;
mcbd.part = part;
+ mcbd.url_len = 0;
rspamd_url_find_multiple (task->task_pool, part->utf_stripped_content->data,
part->utf_stripped_content->len, how, part->newlines,
@@ -3139,7 +3155,7 @@ rspamd_url_find_single (rspamd_mempool_t *pool,
}
-void
+gboolean
rspamd_url_task_subject_callback (struct rspamd_url *url, gsize start_offset,
gsize end_offset, gpointer ud)
{
@@ -3208,6 +3224,8 @@ rspamd_url_task_subject_callback (struct rspamd_url *url, gsize start_offset,
}
}
}
+
+ return TRUE;
}
guint
diff --git a/src/libserver/url.h b/src/libserver/url.h
index 83a2a7f17..53c4abbeb 100644
--- a/src/libserver/url.h
+++ b/src/libserver/url.h
@@ -167,7 +167,7 @@ const gchar *rspamd_url_strerror (int err);
*/
gboolean rspamd_url_find_tld (const gchar *in, gsize inlen, rspamd_ftok_t *out);
-typedef void (*url_insert_function) (struct rspamd_url *url,
+typedef gboolean (*url_insert_function) (struct rspamd_url *url,
gsize start_offset, gsize end_offset, void *ud);
/**
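Review bot: The `url_insert_function` typedef now returns gboolean, but nothing visible documents what the value means, and every inserter implemented elsewhere has to get it right for the new limit to work. Add a comment above the typedef such as `/* Return TRUE to continue extraction, FALSE to stop processing further URLs */`. The doc comment of rspamd_url_task_subject_callback in the next hunk likewise lists its `@param` entries but has no `@return` line for the new result.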
@@ -208,7 +208,7 @@ void rspamd_url_find_single (rspamd_mempool_t *pool,
* @param end_offset
* @param ud
*/
-void rspamd_url_task_subject_callback (struct rspamd_url *url,
+gboolean rspamd_url_task_subject_callback (struct rspamd_url *url,
gsize start_offset,
gsize end_offset, gpointer ud);
diff --git a/src/lua/lua_url.c b/src/lua/lua_url.c
index 8742a6027..d21ab727f 100644
--- a/src/lua/lua_url.c
+++ b/src/lua/lua_url.c
@@ -110,7 +110,7 @@ lua_check_url (lua_State * L, gint pos)
return ud ? ((struct rspamd_lua_url *)ud) : NULL;
}
-static void
+static gboolean
lua_url_single_inserter (struct rspamd_url *url, gsize start_offset,
gsize end_offset, gpointer ud)
{
@@ -120,6 +120,8 @@ lua_url_single_inserter (struct rspamd_url *url, gsize start_offset,
lua_url = lua_newuserdata (L, sizeof (struct rspamd_lua_url));
rspamd_lua_setclass (L, "rspamd{url}", -1);
lua_url->url = url;
+
+ return TRUE;
}
/***
@@ -770,7 +772,7 @@ lua_url_init (lua_State *L)
return 0;
}
-static void
+static gboolean
lua_url_table_inserter (struct rspamd_url *url, gsize start_offset,
gsize end_offset, gpointer ud)
{
@@ -785,6 +787,8 @@ lua_url_table_inserter (struct rspamd_url *url, gsize start_offset,
lua_pushinteger (L, n + 1);
lua_pushlstring (L, url->string, url->urllen);
lua_settable (L, -3);
+
+ return TRUE;
}