From 0234c59782c9a552a3afd6f328d006fe73de7e18 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Tue, 19 Aug 2014 13:19:20 -0700 Subject: [PATCH] LP#1358916: refuse to retrieve over-large MARC records via Z39.50 At least one malformed record discovered in the wild can cause open-ils.search backends to balloon to over 3G of memory consumption. This patch works around that by refusing to process any (MARC) Z39.50 results that are larger than the MARC record maximum of 99,999 octets. Signed-off-by: Galen Charlton Signed-off-by: Ben Shum --- Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm index c830844577..a5a4f6c9c4 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Z3950.pm @@ -462,7 +462,13 @@ sub process_results { my $rec = $results->record($_); if ($tformat eq 'usmarc') { - $marc = MARC::Record->new_from_usmarc($rec->raw()); + my $raw = $rec->raw(); + if (length($raw) <= 99999) { + $marc = MARC::Record->new_from_usmarc($raw); + } else { + $marcs = ''; + die "ISO2709 record is too large to process"; + } } elsif ($tformat eq 'xml') { $marc = MARC::Record->new_from_xml($rec->raw()); } else { -- 2.11.0