From 7857586278c4ae5e032c475e8e5e4a7c6cd4c10e Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer <jcb@gnu.org>
Date: Fri, 14 Oct 2022 21:40:57 -0500
Subject: [PATCH] Use symbolic constants for limits in scan_incoming

---
 gatekeeper.pl | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 1bf3f95..fab79a2 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -440,7 +440,7 @@ openlog(SYSLOG_APP_IDENT, 'pid', SYSLOG_FACILITY);
 ftp_syslog('info', "Beginning upload processing run.");
 
 #
-# -- Filename validation patterns
+# -- Filename validation patterns and limits
 #
 
 # Directives use POSIX-style filenames, regardless of what platform we are
@@ -460,6 +460,13 @@ my $RE_filename_here = qr/[[:alnum:]_+][-.[:alnum:]_+~]*/;
 #  a trailing slash is not allowed
 my $RE_filename_relative = qr[$RE_filename_here(?:/$RE_filename_here)*];
 
+# limit on the length of a filename that will be processed
+use constant MAX_FILE_NAME_LEN => 100;
+
+# limits on the sizes of directive and signature files that will be processed
+use constant MAX_DIRECTIVE_SIZE => 50*1024;	# 50 KiB
+use constant MAX_SIGNATURE_SIZE => 50*1024;	# 50 KiB
+
 #
 # -- Configuration sanity check
 #
@@ -860,7 +867,7 @@ sub scan_incoming {
     my $ent = $1;
 
     # Don't look at files with really long names, either.
-    next if length ($ent) > 100;
+    next if length ($ent) > MAX_FILE_NAME_LEN;
     ftp_syslog('debug', "DEBUG: "
 	       ."uploaded file to check: $ent") if DEBUG;
     $possible{$ent} = 1;
@@ -999,12 +1006,12 @@ sub scan_incoming {
 		   ."to $incoming_tmp/$base failed: $!",0);
       }
       delete $possible{$base};
-    } elsif ((-f $directive) && ((-s $directive) >= 50*1024)) {
+    } elsif ((-f $directive) && ((-s $directive) >= MAX_DIRECTIVE_SIZE)) {
       rename ("$incoming_dir/$directive", "$incoming_dir/.$directive");
       ftp_syslog('info', "directive file ($directive) larger than 50KB");
       fatal("The directive file $directive is larger than 50KB. "
 	    ."This can not be correct, ignoring upload.",0);
-    } elsif ((-f $sig) && ((-s $sig) >= 50*1024)) {
+    } elsif ((-f $sig) && ((-s $sig) >= MAX_SIGNATURE_SIZE)) {
       rename ("$incoming_dir/$sig", "$incoming_dir/.$sig");
       ftp_syslog('info', "signature file ($sig) larger than 50KB");
       fatal("The signature file $sig is larger than 50KB. "
-- 
2.25.1