Mercurial > hg > nginx

diff src/mail/ngx_mail_handler.c @ 9236:d9a52ebb9b00

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mail: max_commands directive. The directive specifies the maximum number of commands allowed during authentication, after which the connection is closed. The default limit is 1000, which is not expected to affect any well-behaving clients, since authentication usually requires at most several commands, though will effectively stop malicious clients from flooding the server with with commands.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 30 Mar 2024 05:05:53 +0300
parents 9ca12c957304
children f83cb031a4a4
line wrap: on
line diff
--- a/src/mail/ngx_mail_handler.c	Sat Mar 30 05:05:31 2024 +0300
+++ b/src/mail/ngx_mail_handler.c	Sat Mar 30 05:05:53 2024 +0300
@@ -896,6 +896,18 @@
         return NGX_ERROR;
     }
 
+    s->commands++;
+
+    if (s->commands > cscf->max_commands) {
+
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "client sent too many commands");
+
+        s->quit = 1;
+
+        return NGX_MAIL_PARSE_INVALID_COMMAND;
+    }
+
     return NGX_OK;
 }