diff options
author | Eric Wong <e@yhbt.net> | 2020-04-20 22:55:37 +0000 |
---|---|---|
committer | Eric Wong <e@yhbt.net> | 2020-04-21 20:13:47 +0000 |
commit | fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849 (patch) | |
tree | 9560834162cdb04fbc95d5bc0bac3669cd9eaea5 /t/cgi.t | |
parent | e700c37c0186915253d639462cfa403fd9fc964f (diff) | |
download | public-inbox-fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849.tar.gz |
In normal mail paths, we can rely on MTAs being configured with reasonable limits in the -watch and -mda mail injection paths. However, the MTA is bypassed in a git-only delivery path, a BOFH could inject a large message and DoS users attempting to mirror a public-inbox. This doesn't protect unindexed WWW interfaces from Email::MIME memory explosions on v1 inboxes. Probably nobody cares about unindexed WWW interfaces anymore, especially now that Xapian is optional for indexing.
Diffstat (limited to 't/cgi.t')
-rw-r--r-- | t/cgi.t | 30 |
1 files changed, 17 insertions, 13 deletions
@@ -55,10 +55,14 @@ Date: Thu, 01 Jan 1970 00:00:00 +0000 zzzzzz EOF - $im->add($mime); + ok($im->add($mime), 'added initial message'); + + $mime->header_set('Message-ID', '<toobig@example.com>'); + $mime->body_str_set("z\n" x 1024); + ok($im->add($mime), 'added big message'); # deliver a reply, too - my $reply = Email::MIME->new(<<EOF); + $mime = Email::MIME->new(<<EOF); From: You <you\@example.com> To: Me <me\@example.com> Cc: $addr @@ -72,7 +76,7 @@ Me wrote: what? EOF - $im->add($reply); + ok($im->add($mime), 'added reply'); my $slashy_mid = 'slashy/asdf@example.com'; my $slashy = Email::MIME->new(<<EOF); @@ -85,7 +89,7 @@ Date: Thu, 01 Jan 1970 00:00:01 +0000 slashy EOF - $im->add($slashy); + ok($im->add($slashy), 'added slash'); $im->done; my $res = cgi_run("/test/slashy/asdf\@example.com/raw"); @@ -99,14 +103,9 @@ EOF my $path = "/test/blahblah\@example.com/t.mbox.gz"; my $res = cgi_run($path); like($res->{head}, qr/^Status: 501 /, "search not-yet-enabled"); - my $indexed; - eval { - require DBD::SQLite; - require PublicInbox::SearchIdx; - my $s = PublicInbox::SearchIdx->new($ibx, 1); - $s->index_sync; - $indexed = 1; - }; + my $cmd = ['-index', $ibx->{inboxdir}, '--max-size=2k']; + my $opt = { 2 => \(my $err) }; + my $indexed = run_script($cmd, undef, $opt); if ($indexed) { $res = cgi_run($path); like($res->{head}, qr/^Status: 200 /, "search returned mbox"); @@ -117,9 +116,14 @@ EOF IO::Uncompress::Gunzip::gunzip(\$in => \$out); like($out, qr/^From /m, "From lines in mbox"); }; + $res = cgi_run('/test/toobig@example.com/'); + like($res->{head}, qr/^Status: 300 /, + 'did not index or return >max-size message'); + like($err, qr/skipping [a-f0-9]{40,}/, + 'warned about skipping large OID'); } else { like($res->{head}, qr/^Status: 501 /, "search not available"); - SKIP: { skip 'DBD::SQLite not available', 2 }; + SKIP: { skip 'DBD::SQLite not available', 4 }; } my $have_xml_treepp = eval { require XML::TreePP; 1 } if $indexed; |