[
https://issues.apache.org/jira/browse/MIME4J-57?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633006#action_12633006
]
Stefano Bagnara commented on MIME4J-57:
---------------------------------------
The line limit of 998 bytes+CRLF is from the MIME spec (rfc2822 - 2.1.1. Line
Length Limits) , so maybe it should be a MimeException because this also is
unrecoverable. With this option we simply make the length configurable, but it
should never be less than 998 (maybe should be added to the javadoc for
MimeEntityConfig, or maybe we should raise an exception if a value less than
998 is used.)
> Add a max limit to header length for parsing.
> ---------------------------------------------
>
> Key: MIME4J-57
> URL: https://issues.apache.org/jira/browse/MIME4J-57
> Project: JAMES Mime4j
> Issue Type: Bug
> Affects Versions: 0.3
> Reporter: Stefano Bagnara
> Priority: Critical
> Fix For: 0.5
>
> Attachments: maxlinelen.patch
>
>
> MIME4J-55 showed issues with very long multipart mime boundary.
> It has been fixed by having the buffer size depending on the boundary length.
> This create possible issues (OOM/DoS) with malicious messages.
> It would be good to define a maximum length for an header.
> Somewhere in mime rfc or smtp rfc there is a maximum of 998+CRLF ascii bytes
> per line, of course we may want to support longer headers, but not very long
> ones.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
