From 64decdbcb6411fe86c120d3ea17755fbe4cf297d Mon Sep 17 00:00:00 2001
From: Cyril Tovena <cyril.tovena@gmail.com>
Date: Fri, 12 Mar 2021 07:30:32 -0500
Subject: [PATCH] Set a max size for the logql parser to 5k. (#3471)

* Set a max size for the logql parser to 5k.

The API anyway receives the query via querystring which is normally max out by 2k based on RFC2616.
This will improve fuzzing too.

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>

* better error.

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>
---
 pkg/logql/parser.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/logql/parser.go b/pkg/logql/parser.go
index e306f24b2c..8485ec6b0b 100644
--- a/pkg/logql/parser.go
+++ b/pkg/logql/parser.go
@@ -2,6 +2,7 @@ package logql
 
 import (
 	"errors"
+	"fmt"
 	"sort"
 	"strings"
 	"sync"
@@ -22,6 +23,8 @@ var parserPool = sync.Pool{
 	},
 }
 
+const maxInputSize = 5120
+
 func init() {
 	// Improve the error messages coming out of yacc.
 	exprErrorVerbose = true
@@ -53,6 +56,10 @@ func (p *parser) Parse() (Expr, error) {
 
 // ParseExpr parses a string and returns an Expr.
 func ParseExpr(input string) (expr Expr, err error) {
+	if len(input) >= maxInputSize {
+		return nil, newParseError(fmt.Sprintf("input size too long (%d > %d)", len(input), maxInputSize), 0, 0)
+	}
+
 	defer func() {
 		if r := recover(); r != nil {
 			var ok bool
@@ -64,6 +71,7 @@ func ParseExpr(input string) (expr Expr, err error) {
 			}
 		}
 	}()
+
 	p := parserPool.Get().(*parser)
 	defer parserPool.Put(p)