diff options
author | Eric Wong <e@yhbt.net> | 2020-04-20 22:55:37 +0000 |
---|---|---|
committer | Eric Wong <e@yhbt.net> | 2020-04-21 20:13:47 +0000 |
commit | fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849 (patch) | |
tree | 9560834162cdb04fbc95d5bc0bac3669cd9eaea5 /t/v2mirror.t | |
parent | e700c37c0186915253d639462cfa403fd9fc964f (diff) | |
download | public-inbox-fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849.tar.gz |
In normal mail paths, we can rely on MTAs being configured with reasonable limits in the -watch and -mda mail injection paths. However, the MTA is bypassed in a git-only delivery path, a BOFH could inject a large message and DoS users attempting to mirror a public-inbox. This doesn't protect unindexed WWW interfaces from Email::MIME memory explosions on v1 inboxes. Probably nobody cares about unindexed WWW interfaces anymore, especially now that Xapian is optional for indexing.
Diffstat (limited to 't/v2mirror.t')
-rw-r--r-- | t/v2mirror.t | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/t/v2mirror.t b/t/v2mirror.t index 406bbd4f..ecf96891 100644 --- a/t/v2mirror.t +++ b/t/v2mirror.t @@ -187,6 +187,37 @@ is($mibx->git->check($to_purge), undef, 'unindex+prune successful in mirror'); is(scalar($mset->items), 0, '1@example.com no longer visible in mirror'); } +if ('max size') { + $mime->header_set('Message-ID', '<2big@a>'); + my $max = '2k'; + $mime->body_str_set("z\n" x 1024); + ok($v2w->add($mime), "add big message"); + $v2w->done; + $ibx->cleanup; + $fetch_each_epoch->(); + PublicInbox::InboxWritable::cleanup($mibx); + my $cmd = ['-index', "$tmpdir/m", "--max-size=$max" ]; + my $opt = { 2 => \(my $err) }; + ok(run_script($cmd, undef, $opt), 'indexed with --max-size'); + like($err, qr/skipping [a-f0-9]{40,}/, 'warned about skipping message'); + $mset = $mibx->search->reopen->query('m:2big@a', {mset =>1}); + is(scalar($mset->items), 0, 'large message not indexed'); + + { + open my $fh, '>>', $pi_config or die; + print $fh <<EOF or die; +[publicinbox] + indexMaxSize = 2k +EOF + close $fh or die; + } + $cmd = ['-index', "$tmpdir/m", "--reindex" ]; + ok(run_script($cmd, undef, $opt), 'reindexed w/ indexMaxSize in file'); + like($err, qr/skipping [a-f0-9]{40,}/, 'warned about skipping message'); + $mset = $mibx->search->reopen->query('m:2big@a', {mset =>1}); + is(scalar($mset->items), 0, 'large message not re-indexed'); +} + ok($td->kill, 'killed httpd'); $td->join; |