LP#1358916: refuse to retrieve over-large MARC records via Z39.50

At least one malformed record discovered in the wild can
cause open-ils.search backends to balloon to over 3G of memory
consumption.  This patch works around that by refusing
to process any (MARC) Z39.50 results that are larger than the
MARC record maximum of 99,999 octets.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm
index c830844..a5a4f6c 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm
@@ -462,7 +462,13 @@ sub process_results {
             my $rec = $results->record($_);
 
             if ($tformat eq 'usmarc') {
-                $marc = MARC::Record->new_from_usmarc($rec->raw());
+                my $raw = $rec->raw();
+                if (length($raw) <= 99999) {
+                    $marc = MARC::Record->new_from_usmarc($raw);
+                } else {
+                    $marcs = '';
+                    die "ISO2709 record is too large to process";
+                }
             } elsif ($tformat eq 'xml') {
                 $marc = MARC::Record->new_from_xml($rec->raw());
             } else {