[Fix] Fix DoS caused by bug in glib

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Wed, 8 May 2019 13:49:05 +0000 (14:49 +0100)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Wed, 8 May 2019 13:49:05 +0000 (14:49 +0100)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 8 May 2019 13:49:05 +0000 (14:49 +0100)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 8 May 2019 13:49:05 +0000 (14:49 +0100)
diff --git a/src/libstat/tokenizers/tokenizers.c b/src/libstat/tokenizers/tokenizers.c

index b6061ce3b41150f34cb02fbfeeafad2b85e470d5..f69378f9b99abb132c5b9923c523c3cc4b361a5a 100644 (file)
--- a/src/libstat/tokenizers/tokenizers.c
+++ b/src/libstat/tokenizers/tokenizers.c
@@ -482,6 +482,13 @@ start_over:
                         }
  
                         if (token.original.len > 0) {
+                               if (((gsize)res->len) * sizeof (token) > (0x1ull << 30u)) {
+                                       /* Due to bug in glib ! */
+                                       msg_err ("too many words found: %d, stop tokenization to avoid DoS",
+                                                       res->len);
+
+                                       goto end;
+                               }
                                 g_array_append_val (res, token);
                         }
  
@@ -490,6 +497,7 @@ start_over:
                 }
         }
  
+end:
         if (!decay) {
                 hv = mum_hash_finish (hv);
         }
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Wed, 8 May 2019 13:49:05 +0000 (14:49 +0100)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Wed, 8 May 2019 13:49:05 +0000 (14:49 +0100)