parser: limit emails and names to 255 chars

Also picked up with afl-fuzz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reviewed-by: Stephen Finucane <stephen@that.guru>

diff --git a/patchwork/parser.py b/patchwork/parser.py
index 37603f9441502864877e197d51932ef6ba52fcf7..eab0a7d398639984ef6e343d57e72309653d7648 100644 (file)
--- a/patchwork/parser.py
+++ b/patchwork/parser.py
@@ -326,9 +326,9 @@ def find_author(mail):
     if not email:
         raise ValueError("Invalid 'From' header")
 
-    email = email.strip()
+    email = email.strip()[:255]
     if name is not None:
-        name = name.strip()
+        name = name.strip()[:255]
 
     try:
         person = Person.objects.get(email__iexact=email)

diff --git a/patchwork/tests/fuzztests/email-len.mbox b/patchwork/tests/fuzztests/email-len.mbox
new file mode 100644 (file)
index 0000000..37df805
Binary files /dev/null and b/patchwork/tests/fuzztests/email-len.mbox differ

diff --git a/patchwork/tests/fuzztests/name-len.mbox b/patchwork/tests/fuzztests/name-len.mbox
new file mode 100644 (file)
index 0000000..a2bc65a
Binary files /dev/null and b/patchwork/tests/fuzztests/name-len.mbox differ

diff --git a/patchwork/tests/test_parser.py b/patchwork/tests/test_parser.py
index c86ea1be35541970e261ef177a41c405e4973372..34c158441194f35784e5d65699db1f272e2995b3 100644 (file)
--- a/patchwork/tests/test_parser.py
+++ b/patchwork/tests/test_parser.py
@@ -862,9 +862,11 @@ class FuzzTest(TestCase):
         self._test_patch('year-out-of-range.mbox')
         self._test_patch('date-oserror.mbox')
 
-    def test_msgid(self):
+    def test_length_for_db(self):
         self._test_patch('msgid-len.mbox')
         self._test_patch('msgid-len2.mbox')
+        self._test_patch('email-len.mbox')
+        self._test_patch('name-len.mbox')
 
     def test_hdr(self):
         self._test_patch('refshdr.mbox')