True enough. I will raise the limit and revert my change. Thx again for the review and comments.
Bye,
Norman

2010/2/22 Stefano Bagnara <[email protected]>:
> Sure, we can even set it to 10K or even 100K.. but better to limit it
> otherwise it will be an easy exploit target. If we don't want this
> kind of limit then we have to change from line processing to simple
> stream processing.
>
> Stefano
>
> 2010/2/22 Norman Maurer <[email protected]>:
>> Hmm ok,
>>
>> I removed it because I had some problems with emails that were sent
>> from cron daemons (system reports). Maybe we should just raise the
>> limit on data
>>
>> WDYTH ?
>>
>> Bye,
>> Norman
>>
>> 2010/2/19 Stefano Bagnara <[email protected]>:
>>> 2010/2/18 <[email protected]>:
>>>> Author: norman
>>>> Date: Thu Feb 18 18:19:52 2010
>>>> New Revision: 911507
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=911507&view=rev
>>>> Log:
>>>> Make sure to only check for max line length while processing not the DATA
>>>> command
>>>
>>> Hi Norman, as far as I know the 1000 bytes limit per row in the RFC is
>>> valid also in the DATA command and also for 8BITMIME. The only
>>> extension breaking this limit is BINARY, not 8BITMIME.
>>>
>>> Here is an excerpt from rfc:
>>> ----
>>> Finally, although the
>>> content body contains arbitrary lines of octet-aligned material, the
>>> length of each line (number of octets between two CR-LF pairs), is
>>> still subject to SMTP server line length restrictions (which may
>>> allow as few as 1000 octets on a single line).
>>>
>>> Read more: http://www.faqs.org/rfcs/rfc1652.html#ixzz0fxKhlkGx
>>> -----
>>>
>>> If we use a line based processor we also have to enforce a line length
>>> limit everywhere or we'll go OOM on very long lines.
>>> >>> Stefano >>> >>>> Modified: >>>> >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java >>>> >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java >>>> >>>> james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java >>>> >>>> Modified: >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java >>>> URL: >>>> http://svn.apache.org/viewvc/james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java?rev=911507&r1=911506&r2=911507&view=diff >>>> ============================================================================== >>>> --- >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java >>>> (original) >>>> +++ >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java >>>> Thu Feb 18 18:19:52 2010 >>>> @@ -33,6 +33,8 @@ >>>> public class CRLFTerminatedLineDecoder extends CumulativeProtocolDecoder { >>>> >>>> private int maxLineLength; >>>> + >>>> + private boolean check = true; >>>> >>>> public static int DEFAULT_MAX_LINE_LENTH = 2048; >>>> >>>> @@ -52,7 +54,11 @@ >>>> public CRLFTerminatedLineDecoder() { >>>> this(DEFAULT_MAX_LINE_LENTH); >>>> } >>>> + >>>> >>>> + public synchronized void checkLineLengthLimit(boolean check) { >>>> + this.check = check; >>>> + } >>>> >>>> /* >>>> * (non-Javadoc) 
>>>> @@ -69,7 +75,7 @@ >>>> // Now find the first CRLF in the buffer. >>>> byte previous = 0; >>>> >>>> - if (maxLineLength != -1 && in.remaining() > maxLineLength) { >>>> + if (check && maxLineLength != -1 && in.remaining() > >>>> maxLineLength) { >>>> >>>> // clear the buffer before throw exception >>>> in.clear(); >>>> >>>> Modified: >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java >>>> URL: >>>> http://svn.apache.org/viewvc/james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java?rev=911507&r1=911506&r2=911507&view=diff >>>> ============================================================================== >>>> --- >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java >>>> (original) >>>> +++ >>>> james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java >>>> Thu Feb 18 18:19:52 2010 >>>> @@ -21,6 +21,7 @@ >>>> >>>> import java.nio.charset.Charset; >>>> >>>> +import org.apache.mina.core.session.AttributeKey; >>>> import org.apache.mina.core.session.IoSession; >>>> import org.apache.mina.filter.codec.ProtocolCodecFactory; >>>> import org.apache.mina.filter.codec.ProtocolDecoder; >>>> @@ -34,7 +35,9 @@ >>>> * >>>> */ >>>> public class JamesProtocolCodecFactory implements ProtocolCodecFactory { >>>> - >>>> + public static final AttributeKey DECODER_KEY = new >>>> AttributeKey(CRLFTerminatedLineDecoder.class,"decoder"); >>>> + public static final AttributeKey ENCODER_KEY = new >>>> AttributeKey(TextLineEncoder.class,"encoder"); >>>> + >>>> private final ProtocolEncoder encoder = new >>>> TextLineEncoder(Charset.forName("US-ASCII"), LineDelimiter.CRLF); >>>> private final ProtocolDecoder decoder = new >>>> CRLFTerminatedLineDecoder(); 
>>>> >>>> @@ -43,6 +46,8 @@ >>>> * @see >>>> org.apache.mina.filter.codec.ProtocolCodecFactory#getEncoder(org.apache.mina.core.session.IoSession) >>>> */ >>>> public ProtocolEncoder getEncoder(IoSession arg0) throws Exception { >>>> + arg0.setAttribute(ENCODER_KEY,encoder); >>>> + >>>> return encoder; >>>> } >>>> >>>> @@ -51,6 +56,7 @@ >>>> * @see >>>> org.apache.mina.filter.codec.ProtocolCodecFactory#getDecoder(org.apache.mina.core.session.IoSession) >>>> */ >>>> public ProtocolDecoder getDecoder(IoSession arg0) throws Exception { >>>> + arg0.setAttribute(DECODER_KEY,decoder); >>>> return decoder; >>>> } >>>> } >>>> >>>> Modified: >>>> james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java >>>> URL: >>>> http://svn.apache.org/viewvc/james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java?rev=911507&r1=911506&r2=911507&view=diff >>>> ============================================================================== >>>> --- >>>> james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java >>>> (original) >>>> +++ >>>> james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java >>>> Thu Feb 18 18:19:52 2010 >>>> @@ -33,6 +33,8 @@ >>>> import org.apache.james.smtpserver.mina.filter.SMTPResponseFilter; >>>> import org.apache.james.smtpserver.mina.filter.TarpitFilter; >>>> import org.apache.james.socket.mina.AbstractMINASession; >>>> +import org.apache.james.socket.mina.codec.CRLFTerminatedLineDecoder; >>>> +import org.apache.james.socket.mina.codec.JamesProtocolCodecFactory; >>>> import org.apache.james.socket.mina.filter.FilterLineHandlerAdapter; >>>> import org.apache.mina.core.session.IoSession; >>>> >>>> @@ -113,6 +115,7 @@ >>>> if (currentHeloMode != null) { >>>> getState().put(CURRENT_HELO_MODE, currentHeloMode); >>>> } >>>> + >>>> } >>>> >>>> /** 
>>>> @@ -122,6 +125,9 @@ >>>> getIoSession().getFilterChain() >>>> .remove("lineHandler" + lineHandlerCount); >>>> lineHandlerCount--; >>>> + if (lineHandlerCount == 0) { >>>> + >>>> ((CRLFTerminatedLineDecoder)getIoSession().getAttribute(JamesProtocolCodecFactory.DECODER_KEY)).checkLineLengthLimit(true); >>>> + } >>>> } >>>> >>>> /** >>>> @@ -132,6 +138,10 @@ >>>> >>>> getIoSession().getFilterChain().addAfter(SMTPResponseFilter.NAME, >>>> "lineHandler" + lineHandlerCount, >>>> new >>>> FilterLineHandlerAdapter<SMTPSession>(overrideCommandHandler,SMTP_SESSION)); >>>> + // disable the line length limit because we are processing >>>> the data >>>> + // not sure if this is the right place todo this >>>> + >>>> ((CRLFTerminatedLineDecoder)getIoSession().getAttribute(JamesProtocolCodecFactory.DECODER_KEY)).checkLineLengthLimit(false); >>>> + >>>> } >>>> >>>> >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected]
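Review bot: In CRLFTerminatedLineDecoder (hunk @@ -52,7 +54,11 @@), the new check field is written inside the synchronized checkLineLengthLimit(boolean) but read in the decode path with no synchronization, so the I/O thread is not guaranteed to see the new value. Declare the field volatile or, better, keep the flag in per-session state instead of on the decoder object. The method also needs Javadoc saying that passing false removes the only bound on buffered input.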
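Review bot: In CRLFTerminatedLineDecoder (hunk @@ -69,7 +75,7 @@), once check is false the condition "check && maxLineLength != -1 && in.remaining() > maxLineLength" never fires, and since the class extends CumulativeProtocolDecoder the buffer keeps growing until a CRLF arrives; a client that never sends one during DATA can exhaust the heap. Keep the test unconditional and switch to a second, larger limit for DATA rather than turning the test off.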
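Review bot: In JamesProtocolCodecFactory (hunk @@ -34,7 +35,9 @@), DECODER_KEY will point at the single decoder held in the factory's final field, which getDecoder returns to every session, so checkLineLengthLimit(false) from one connection in DATA lifts the limit for all connections served by this factory. Create one CRLFTerminatedLineDecoder per session in getDecoder, or store the flag as a session attribute. ENCODER_KEY is added but nothing in this patch reads it, so it can be dropped.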
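Review bot: In SMTPSessionImpl (hunk @@ -122,6 +125,9 @@), the cast in the "lineHandlerCount == 0" branch dereferences getIoSession().getAttribute(JamesProtocolCodecFactory.DECODER_KEY) without a null check, and the attribute is only set when the codec factory's getDecoder has been called for this session; the same expression is repeated in the push hunk. Fetch the decoder once through a small private helper that handles a missing attribute, and call it from both places.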
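Review bot: In SMTPSessionImpl (hunk @@ -132,6 +138,10 @@), checkLineLengthLimit(false) runs for every pushed line handler, not only for DATA, which is wider than the commit log describes, and the added comment "not sure if this is the right place todo this" records that doubt in the code. Move the switch into the DATA command handler so that only DATA changes the limit, and replace the comment with a statement of which limit applies while a handler is pushed.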
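Stefano's point in the thread above (a line-based decoder needs a finite limit in every phase, DATA included) as an added example; it is not code from the thread, James or MINA, and the class name BoundedLineSplitter and the limit used are assumptions for illustration. An overlong line is dropped without being buffered, so memory per connection stays capped at the current limit.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Added illustration: hypothetical class, not part of James or MINA.
public class BoundedLineSplitter {
    private final ByteArrayOutputStream line = new ByteArrayOutputStream();
    private int limit;          // octets allowed per line (CR included); always finite
    private boolean discarding; // true while skipping the tail of an overlong line
    private boolean sawCr;      // previous octet was CR
    private int rejected;       // overlong lines dropped so far

    public BoundedLineSplitter(int limit) { this.limit = limit; }
    // Per-session phase switch: a larger limit for DATA, never "no limit".
    public void setLimit(int limit) { this.limit = limit; }
    public int rejectedLines() { return rejected; }

    // Feed one network chunk; returns the lines it completed, without CRLF.
    public List<String> feed(byte[] chunk) {
        List<String> out = new ArrayList<>();
        for (byte b : chunk) {
            if (sawCr && b == '\n') {               // CRLF terminates the line
                if (discarding) {
                    rejected++;                     // caller can answer with an error reply
                } else {
                    byte[] raw = line.toByteArray(); // last octet is the CR, drop it
                    out.add(new String(raw, 0, raw.length - 1, StandardCharsets.ISO_8859_1));
                }
                line.reset();
                discarding = false; sawCr = false;
                continue;
            }
            sawCr = (b == '\r');
            if (discarding) continue;               // buffer nothing more for this line
            if (line.size() >= limit) {             // memory use is capped at the limit
                line.reset();
                discarding = true;
            } else {
                line.write(b);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        BoundedLineSplitter s = new BoundedLineSplitter(16);  // constructed limit and input
        String input = "HELO a\r\n" + "X".repeat(100) + "\r\nQUIT\r\n";
        System.out.println(s.feed(input.getBytes(StandardCharsets.ISO_8859_1)) + " rejected=" + s.rejectedLines());
    }
}
```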
