From: Daniel Axtens Date: Sat, 1 Jul 2017 04:28:43 +0000 (+1000) Subject: parser: limit emails and names to 255 chars X-Git-Tag: v2.0.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf194e2f45fd4fdc374482c478da43957a45b5d9;p=thirdparty%2Fpatchwork.git parser: limit emails and names to 255 chars Also picked up with afl-fuzz. Signed-off-by: Daniel Axtens Reviewed-by: Andrew Donnellan Reviewed-by: Stephen Finucane --- diff --git a/patchwork/parser.py b/patchwork/parser.py index 37603f94..eab0a7d3 100644 --- a/patchwork/parser.py +++ b/patchwork/parser.py @@ -326,9 +326,9 @@ def find_author(mail): if not email: raise ValueError("Invalid 'From' header") - email = email.strip() + email = email.strip()[:255] if name is not None: - name = name.strip() + name = name.strip()[:255] try: person = Person.objects.get(email__iexact=email) diff --git a/patchwork/tests/fuzztests/email-len.mbox b/patchwork/tests/fuzztests/email-len.mbox new file mode 100644 index 00000000..37df8054 Binary files /dev/null and b/patchwork/tests/fuzztests/email-len.mbox differ diff --git a/patchwork/tests/fuzztests/name-len.mbox b/patchwork/tests/fuzztests/name-len.mbox new file mode 100644 index 00000000..a2bc65ad Binary files /dev/null and b/patchwork/tests/fuzztests/name-len.mbox differ diff --git a/patchwork/tests/test_parser.py b/patchwork/tests/test_parser.py index c86ea1be..34c15844 100644 --- a/patchwork/tests/test_parser.py +++ b/patchwork/tests/test_parser.py @@ -862,9 +862,11 @@ class FuzzTest(TestCase): self._test_patch('year-out-of-range.mbox') self._test_patch('date-oserror.mbox') - def test_msgid(self): + def test_length_for_db(self): self._test_patch('msgid-len.mbox') self._test_patch('msgid-len2.mbox') + self._test_patch('email-len.mbox') + self._test_patch('name-len.mbox') def test_hdr(self): self._test_patch('refshdr.mbox')