From 125521ddc18647d54164d1910a753465c50fb010 Mon Sep 17 00:00:00 2001
From: Přemysl Janouch <p.janouch@gmail.com>
Date: Fri, 19 Sep 2014 01:23:31 +0200
Subject: script: set a scricter limit on memory

---
 plugins/script | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'plugins/script')

diff --git a/plugins/script b/plugins/script
index f725048..a9de176 100755
--- a/plugins/script
+++ b/plugins/script
@@ -32,6 +32,9 @@
 #include <strings.h>
 #include <math.h>
 
+#define ADDRESS_SPACE_LIMIT (100 * 1024 * 1024)
+#include <sys/resource.h>
+
 #if defined __GNUC__
 #define ATTRIBUTE_PRINTF(x, y) __attribute__ ((format (printf, x, y)))
 #else // ! __GNUC__
@@ -2164,6 +2167,15 @@ main (int argc, char *argv[])
 	freopen (NULL, "rb", stdin);   setvbuf (stdin,  NULL, _IOLBF, BUFSIZ);
 	freopen (NULL, "wb", stdout);  setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
 
+	struct rlimit limit =
+	{
+		.rlim_cur = ADDRESS_SPACE_LIMIT,
+		.rlim_max = ADDRESS_SPACE_LIMIT
+	};
+
+	// Lower the memory limits to something sensible to prevent abuse
+	(void) setrlimit (RLIMIT_AS, &limit);
+
 	read_db ();
 	init_runtime_library ();
 	register_handler (".", fn_dot);
-- 
cgit v1.2.3-70-g09d2