From 4d8f8da7168b9ba0f04d8e251911a8ec66ad5bac Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Sat, 9 Aug 2008 18:51:39 +0200
Subject: [PATCH] Limited the length of identifiers.

---
 src/lib-sieve/sieve-lexer.c      | 19 ++++++++++++++++---
 src/lib-sieve/sieve-limits.h     |  1 +
 tests/compile/errors.svtest      |  2 +-
 tests/compile/errors/lexer.sieve | 19 ++++++++++++++++++-
 4 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/src/lib-sieve/sieve-lexer.c b/src/lib-sieve/sieve-lexer.c
index b7be61e30..32e199fbe 100644
--- a/src/lib-sieve/sieve-lexer.c
+++ b/src/lib-sieve/sieve-lexer.c
@@ -4,6 +4,7 @@
 #include "lib.h"
 #include "compat.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "istream.h"
 
 #include "sieve-common.h"
@@ -560,12 +561,15 @@ static bool sieve_lexer_scan_raw_token(struct sieve_lexer *lexer)
   		
 			/* Scan the rest of the identifier */
 			while ( IS_ALPHA(sieve_lexer_curchar(lexer)) ||
-				IS_ALPHA(sieve_lexer_curchar(lexer)) ||
+				IS_DIGIT(sieve_lexer_curchar(lexer)) ||
 				sieve_lexer_curchar(lexer) == '_' ) {
- 				str_append_c(str, sieve_lexer_curchar(lexer));
+
+				if ( str_len(str) <= SIEVE_MAX_IDENTIFIER_LEN ) {
+	 				str_append_c(str, sieve_lexer_curchar(lexer));
+				}
 				sieve_lexer_shift(lexer);
 			}
-  			
+
 			/* Is this in fact a multiline text string ? */
 			if ( sieve_lexer_curchar(lexer) == ':' &&
 				type == STT_IDENTIFIER && str_len(str) == 4 &&
@@ -674,6 +678,15 @@ static bool sieve_lexer_scan_raw_token(struct sieve_lexer *lexer)
 				lexer->token_type = STT_ERROR;
 				return FALSE;
 			}
+
+			if ( str_len(str) > SIEVE_MAX_IDENTIFIER_LEN ) {
+				sieve_lexer_error(lexer, 
+					"encountered impossibly long %s%s'",
+					(type == STT_TAG ? "tag identifier ':" : "identifier '"), 
+					str_sanitize(str_c(str), SIEVE_MAX_IDENTIFIER_LEN));
+				lexer->token_type = STT_ERROR;
+				return FALSE;
+			}
   			
 			lexer->token_type = type;
 			return TRUE;
diff --git a/src/lib-sieve/sieve-limits.h b/src/lib-sieve/sieve-limits.h
index fea09d8d7..d7fcc7c8f 100644
--- a/src/lib-sieve/sieve-limits.h
+++ b/src/lib-sieve/sieve-limits.h
@@ -6,6 +6,7 @@
  */
 
 #define SIEVE_MAX_STRING_LEN        (1 << 20)
+#define SIEVE_MAX_IDENTIFIER_LEN    32
 
 /*
  * AST
diff --git a/tests/compile/errors.svtest b/tests/compile/errors.svtest
index d19de2d0c..32c837534 100644
--- a/tests/compile/errors.svtest
+++ b/tests/compile/errors.svtest
@@ -17,7 +17,7 @@ test "Lexer errors (FIXME: count only)" {
         test_fail "compile should have failed.";
     }
 
-    if not test_error :count "eq" :comparator "i;ascii-numeric" "8" {
+    if not test_error :count "eq" :comparator "i;ascii-numeric" "10" {
         test_fail "wrong number of errors reported";
     }
 }
diff --git a/tests/compile/errors/lexer.sieve b/tests/compile/errors/lexer.sieve
index 200e2a44f..eba66b28d 100644
--- a/tests/compile/errors/lexer.sieve
+++ b/tests/compile/errors/lexer.sieve
@@ -2,7 +2,12 @@
  * Lexer tests
  *
  * Total errors: 7 (+1 = 8)
- */ 
+ */
+
+/*
+ * Number limits
+ */
+ 
 # Number too large
 if size :under 4294967300 {
 	stop;
@@ -52,3 +57,15 @@ if size :under 4294967294 {
 if size :under 1G {
 	stop;
 }
+
+/*
+ * Identifier limits
+ */
+
+if this_is_a_rediculously_long_test_name {
+	stop;
+}
+
+if test :this_is_an_even_more_rediculously_long_tagged_argument_name {
+	stop;
+}
-- 
GitLab