From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Wed, 8 May 2019 13:49:05 +0000 (+0100)
Subject: [Fix] Fix DoS caused by bug in glib
X-Git-Tag: 1.9.3~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d2e971635ba10355edbd5309c1376a7ad31e2f0;p=thirdparty%2Frspamd.git

[Fix] Fix DoS caused by bug in glib
---

diff --git a/src/libstat/tokenizers/tokenizers.c b/src/libstat/tokenizers/tokenizers.c
index b6061ce3b4..f69378f9b9 100644
--- a/src/libstat/tokenizers/tokenizers.c
+++ b/src/libstat/tokenizers/tokenizers.c
@@ -482,6 +482,13 @@ start_over:
 			}
 
 			if (token.original.len > 0) {
+				if (((gsize)res->len) * sizeof (token) > (0x1ull << 30u)) {
+					/* Due to bug in glib ! */
+					msg_err ("too many words found: %d, stop tokenization to avoid DoS",
+							res->len);
+
+					goto end;
+				}
 				g_array_append_val (res, token);
 			}
 
@@ -490,6 +497,7 @@ start_over:
 		}
 	}
 
+end:
 	if (!decay) {
 		hv = mum_hash_finish (hv);
 	}