From 1708f88f5f87bf895469725d631192239e22fd58 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Tue, 19 Aug 2014 13:19:20 -0700 Subject: [PATCH 1/1] LP#1358916: refuse to retrieve over-large MARC records via Z39.50 At least one malformed record discovered in the wild can cause open-ils.search backends to balloon to over 3G of memory consumption. This patch works around that by refusing to process any (MARC) Z39.50 results that are larger than the MARC record maximum of 99,999 octets. Signed-off-by: Galen Charlton Signed-off-by: Ben Shum --- .../src/perlmods/lib/OpenILS/Application/Search/Z3950.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm index c830844577..a5a4f6c9c4 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm @@ -462,7 +462,13 @@ sub process_results { my $rec = $results->record($_); if ($tformat eq 'usmarc') { - $marc = MARC::Record->new_from_usmarc($rec->raw()); + my $raw = $rec->raw(); + if (length($raw) <= 99999) { + $marc = MARC::Record->new_from_usmarc($raw); + } else { + $marcs = ''; + die "ISO2709 record is too large to process"; + } } elsif ($tformat eq 'xml') { $marc = MARC::Record->new_from_xml($rec->raw()); } else { -- 2.43.2