diff options
author | Eric Wong <e@yhbt.net> | 2020-05-10 06:21:04 +0000 |
---|---|---|
committer | Eric Wong <e@yhbt.net> | 2020-05-10 06:56:42 +0000 |
commit | 1dde99e0badebfaf509cee4f15bbfa284996c8fc (patch) | |
tree | 34a8fb6e89397530abbabe1223f6990844af029a | |
parent | 8c3016372fb40ad3f19bc69c90e49cbd5a5f081f (diff) | |
download | public-inbox-1dde99e0badebfaf509cee4f15bbfa284996c8fc.tar.gz |
While our header processing is more efficient than Email::*::Header, capping the maximum size for a `m//g' match still limits memory growth on a header we care for. Use the same limit as postfix (header_size_limit=102400), since messages fetched via git/HTTP/NNTP/etc can bypass MTA limits.
-rw-r--r-- | lib/PublicInbox/Eml.pm | 23 | ||||
-rw-r--r-- | t/eml.t | 25 |
2 files changed, 47 insertions, 1 deletions
diff --git a/lib/PublicInbox/Eml.pm b/lib/PublicInbox/Eml.pm index f022516c..2ccbb659 100644 --- a/lib/PublicInbox/Eml.pm +++ b/lib/PublicInbox/Eml.pm @@ -41,6 +41,7 @@ $PublicInbox::EmlContentFoo::STRICT_PARAMS = 0; our $MAXPARTS = 1000; # same as SpamAssassin our $MAXDEPTH = 20; # seems enough, Perl sucks, here our $MAXBOUNDLEN = 2048; # same as postfix +our $header_size_limit = 102400; # same as postfix my %MIME_ENC = (qp => \&enc_qp, base64 => \&encode_base64); my %MIME_DEC = (qp => \&dec_qp, base64 => \&decode_base64); @@ -68,6 +69,22 @@ sub re_memo ($) { /ismx } +sub hdr_truncate ($) { + my $len = length($_[0]); + substr($_[0], $header_size_limit, $len) = ''; + my $end = rindex($_[0], "\n"); + if ($end >= 0) { + ++$end; + substr($_[0], $end, $len) = ''; + warn "header of $len bytes truncated to $end bytes\n"; + } else { + $_[0] = ''; + warn <<EOF +header of $len bytes without `\\n' within $header_size_limit ignored +EOF + } +} + # compatible with our uses of Email::MIME sub new { my $ref = ref($_[1]) ? $_[1] : \(my $cpy = $_[1]); @@ -81,14 +98,18 @@ sub new { # likely on *nix my $hdr = substr($$ref, 0, $pos + 2, ''); # sv_chop on $$ref chop($hdr); # lower SvCUR + hdr_truncate($hdr) if length($hdr) > $header_size_limit; bless { hdr => \$hdr, crlf => "\n", bdy => $ref }, __PACKAGE__; } elsif ($$ref =~ /\r?\n(\r?\n)/s) { my $hdr = substr($$ref, 0, $+[0], ''); # sv_chop on $$ref substr($hdr, -(length($1))) = ''; # lower SvCUR + hdr_truncate($hdr) if length($hdr) > $header_size_limit; bless { hdr => \$hdr, crlf => $1, bdy => $ref }, __PACKAGE__; } elsif ($$ref =~ /^[a-z0-9-]+[ \t]*:/ims && $$ref =~ /(\r?\n)\z/s) { # body is optional :P - bless { hdr => \($$ref), crlf => $1 }, __PACKAGE__; + my $hdr = substr($$ref, 0, $header_size_limit + 1); + hdr_truncate($hdr) if length($hdr) > $header_size_limit; + bless { hdr => \$hdr, crlf => $1 }, __PACKAGE__; } else { # nothing useful my $hdr = $$ref = ''; bless { hdr => \$hdr, crlf => "\n" }, __PACKAGE__; @@ -252,6 +252,31 @@ EOF 'final "\n" preserved on missing epilogue'); } +if ('header_size_limit stolen from postfix') { + local $PublicInbox::Eml::header_size_limit = 4; + my @w; + local $SIG{__WARN__} = sub { push @w, @_ }; + my $eml = PublicInbox::Eml->new("a:b\na:d\n\nzz"); + is_deeply([$eml->header('a')], ['b'], 'no overrun header'); + is($eml->body_raw, 'zz', 'body not damaged'); + is($eml->header_obj->as_string, "a:b\n", 'header truncated'); + is(grep(/truncated/, @w), 1, 'truncation warned'); + + $eml = PublicInbox::Eml->new("a:b\na:d\n"); + is_deeply([$eml->header('a')], ['b'], 'no overrun header w/o body'); + + local $PublicInbox::Eml::header_size_limit = 5; + $eml = PublicInbox::Eml->new("a:b\r\na:d\r\n\nzz"); + is_deeply([$eml->header('a')], ['b'], 'no overrun header on CRLF'); + is($eml->body_raw, 'zz', 'body not damaged'); + + @w = (); + $eml = PublicInbox::Eml->new("too:long\n"); + $eml = PublicInbox::Eml->new("too:long\n\n"); + $eml = PublicInbox::Eml->new("too:long\r\n\r\n"); + is(grep(/ignored/, @w), 3, 'ignored header warned'); +} + if ('maxparts is a feature unique to us') { my $eml = eml_load 't/psgi_attach.eml'; my @orig; |