Limited the length of identifiers.

4d8f8da7 · Stephan Bosch · 2bdf696e · 4d8f8da7 · 4d8f8da7 · 4d8f8da7
Commit 4d8f8da7 authored 16 years ago by Stephan Bosch
--- a/src/lib-sieve/sieve-lexer.c
+++ b/src/lib-sieve/sieve-lexer.c
@@ -4,6 +4,7 @@
 #include "lib.h"
 #include "compat.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "istream.h"

 #include "sieve-common.h"
@@ -560,12 +561,15 @@ static bool sieve_lexer_scan_raw_token(struct sieve_lexer *lexer)
  		
 			/* Scan the rest of the identifier */
 			while ( IS_ALPHA(sieve_lexer_curchar(lexer)) ||
-				IS_ALPHA(sieve_lexer_curchar(lexer)) ||
+				IS_DIGIT(sieve_lexer_curchar(lexer)) ||
 				sieve_lexer_curchar(lexer) == '_' ) {
- 				str_append_c(str, sieve_lexer_curchar(lexer));
+
+				if ( str_len(str) <= SIEVE_MAX_IDENTIFIER_LEN ) {
+	 				str_append_c(str, sieve_lexer_curchar(lexer));
+				}
 				sieve_lexer_shift(lexer);
 			}
-  			
+
 			/* Is this in fact a multiline text string ? */
 			if ( sieve_lexer_curchar(lexer) == ':' &&
 				type == STT_IDENTIFIER && str_len(str) == 4 &&
@@ -674,6 +678,15 @@ static bool sieve_lexer_scan_raw_token(struct sieve_lexer *lexer)
 				lexer->token_type = STT_ERROR;
 				return FALSE;
 			}
+
+			if ( str_len(str) > SIEVE_MAX_IDENTIFIER_LEN ) {
+				sieve_lexer_error(lexer, 
+					"encountered impossibly long %s%s'",
+					(type == STT_TAG ? "tag identifier ':" : "identifier '"), 
+					str_sanitize(str_c(str), SIEVE_MAX_IDENTIFIER_LEN));
+				lexer->token_type = STT_ERROR;
+				return FALSE;
+			}
  			
 			lexer->token_type = type;
 			return TRUE;

--- a/src/lib-sieve/sieve-limits.h
+++ b/src/lib-sieve/sieve-limits.h
@@ -6,6 +6,7 @@
 */

 #define SIEVE_MAX_STRING_LEN        (1 << 20)
+#define SIEVE_MAX_IDENTIFIER_LEN    32

 /*
 * AST

--- a/tests/compile/errors.svtest
+++ b/tests/compile/errors.svtest
@@ -17,7 +17,7 @@ test "Lexer errors (FIXME: count only)" {
        test_fail "compile should have failed.";
    }

-    if not test_error :count "eq" :comparator "i;ascii-numeric" "8" {
+    if not test_error :count "eq" :comparator "i;ascii-numeric" "10" {
        test_fail "wrong number of errors reported";
    }
 }

--- a/tests/compile/errors/lexer.sieve
+++ b/tests/compile/errors/lexer.sieve
@@ -2,7 +2,12 @@
 * Lexer tests
 *
 * Total errors: 7 (+1 = 8)
- */ 
+ */
+
+/*
+ * Number limits
+ */
+ 
 # Number too large
 if size :under 4294967300 {
 	stop;
@@ -52,3 +57,15 @@ if size :under 4294967294 {
 if size :under 1G {
 	stop;
 }
+
+/*
+ * Identifier limits
+ */
+
+if this_is_a_rediculously_long_test_name {
+	stop;
+}
+
+if test :this_is_an_even_more_rediculously_long_tagged_argument_name {
+	stop;
+}