[jira] Commented: (JAMES-1190) Netty codec problem

Thu, 03 Feb 2011 22:34:53 -0800 

    [ 
https://issues.apache.org/jira/browse/JAMES-1190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990467#comment-12990467
 ] 

Norman Maurer commented on JAMES-1190:
--------------------------------------

The problem is we need to limit the line length somehow otherwise it would be 
possible to do a DOS attack really easy. 

For a recommendation see:
http://www.faqs.org/rfcs/rfc2683.html

RFC 2683 section 3.2.1 (imap4 implementation
recommendations):

"For its part, a server should allow for a command line of at least
 8000 octets. This provides plenty of leeway for accepting reasonable
 length commands from clients.  The server should send a BAD response
 to a command that does not end within the server's maximum accepted
 command length."


Maybe we should make the limit configurable.. 

WDYT ?


> Netty codec problem
> -------------------
>
>                 Key: JAMES-1190
>                 URL: https://issues.apache.org/jira/browse/JAMES-1190
>             Project: JAMES Server
>          Issue Type: Bug
>    Affects Versions: 3.0-M2
>         Environment: Linux ... 2.6.25.3-18.fc9.x86_64 #1 SMP Tue May 13 
> 04:54:47 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
>            Reporter: Wojtek Strzalka
>             Fix For: 3.0-M2
>
>
> WARNING: EXCEPTION, please implement 
> org.apache.james.imapserver.netty.ImapChannelUpstreamHandler.exceptionCaught()
>  for
> proper handling.
> org.jboss.netty.handler.codec.frame.TooLongFrameException: frame length 
> exceeds 8192: 9600 - discarded
>         at 
> org.jboss.netty.handler.codec.frame.DelimiterBasedFrameDecoder.fail(DelimiterBasedFrameDecoder.java:214)
>         at 
> org.jboss.netty.handler.codec.frame.DelimiterBasedFrameDecoder.decode(DelimiterBasedFrameDecoder.java:183)
>         at 
> org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
>         at 
> org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214)
>         at 
> org.jboss.netty.handler.timeout.IdleStateHandler.messageReceived(IdleStateHandler.java:276)
>         at 
> org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:302)
>         at 
> org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:317)
>         at 
> org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:299)
>         at 
> org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:216)
>         at 
> org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:274)
>         at 
> org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:261)
>         at 
> org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:350)
>         at 
> org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:281)
>         at 
> org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:201)
>         at 
> org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>         at java.lang.Thread.run(Thread.java:619)

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to