From fb8e7dbd1b711d25d1033c3f5f540ce47f6c0849 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 20 Apr 2020 22:55:37 +0000 Subject: index: support --max-size / publicinbox.indexMaxSize In normal mail paths, we can rely on MTAs being configured with reasonable limits in the -watch and -mda mail injection paths. However, the MTA is bypassed in a git-only delivery path, a BOFH could inject a large message and DoS users attempting to mirror a public-inbox. This doesn't protect unindexed WWW interfaces from Email::MIME memory explosions on v1 inboxes. Probably nobody cares about unindexed WWW interfaces anymore, especially now that Xapian is optional for indexing. --- script/public-inbox-index | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'script/public-inbox-index') diff --git a/script/public-inbox-index b/script/public-inbox-index index 7def9964..2d0f0eca 100755 --- a/script/public-inbox-index +++ b/script/public-inbox-index @@ -14,8 +14,9 @@ PublicInbox::Admin::require_or_die('-index'); use PublicInbox::Xapcmd; my $compact_opt; -my $opt = { quiet => -1, compact => 0 }; -GetOptions($opt, qw(verbose|v+ reindex compact|c+ jobs|j=i prune indexlevel|L=s)) +my $opt = { quiet => -1, compact => 0, maxsize => undef }; +GetOptions($opt, qw(verbose|v+ reindex compact|c+ jobs|j=i prune + indexlevel|L=s maxsize|max-size=s)) or die "bad command-line args\n$usage"; die "--jobs must be positive\n" if defined $opt->{jobs} && $opt->{jobs} <= 0; @@ -25,14 +26,22 @@ if ($opt->{compact}) { $compact_opt = { -coarse_lock => 1, compact => 1 }; } -my @ibxs = PublicInbox::Admin::resolve_inboxes(\@ARGV); +my $cfg = PublicInbox::Config->new; +my @ibxs = PublicInbox::Admin::resolve_inboxes(\@ARGV, undef, $cfg); PublicInbox::Admin::require_or_die('-index'); unless (@ibxs) { print STDERR "Usage: $usage\n"; exit 1 } my $mods = {}; +my $max_size = $opt->{maxsize} // $cfg->{lc('publicInbox.indexMaxSize')}; +if (defined $max_size) { + PublicInbox::Admin::parse_unsigned(\$max_size) or + die "`publicInbox.indexMaxSize=$max_size' not parsed\n"; +} + foreach my $ibx (@ibxs) { # XXX: users can shoot themselves in the foot, with opt->{indexlevel} $ibx->{indexlevel} //= $opt->{indexlevel} // PublicInbox::Admin::detect_indexlevel($ibx); + $ibx->{index_max_size} = $max_size; PublicInbox::Admin::scan_ibx_modules($mods, $ibx); } -- cgit v1.2.3-24-ge0c7