Author: norman Date: Fri Jan 27 19:30:23 2012 New Revision: 1236850 URL: http://svn.apache.org/viewvc?rev=1236850&view=rev Log: Allow to limit the max size of a literal for security reasons. Default is unlimited
Modified: james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/ImapRequestFrameDecoder.java james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapRequestLineReader.java Modified: james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java URL: http://svn.apache.org/viewvc/james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java?rev=1236850&r1=1236849&r2=1236850&view=diff ============================================================================== --- james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java (original) +++ james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java Fri Jan 27 19:30:23 2012 @@ -73,6 +73,9 @@ public class IMAPServer extends Abstract private int timeout; + private int literalSizeLimit; + + // Use a big default public final static int DEFAULT_MAX_LINE_LENGTH = 65536; @@ -82,7 +85,8 @@ public class IMAPServer extends Abstract // default timeout is 30 seconds public final static int DEFAULT_TIMEOUT = 30 * 60; - + public final static int DEFAULT_LITERAL_SIZE_LIMIT = 0; + @Resource(name = "imapDecoder") public void setImapDecoder(ImapDecoder decoder) { this.decoder = decoder; 
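Review bot: `DEFAULT_LITERAL_SIZE_LIMIT = 0` in the second hunk has no comment saying what the value 0 means, unlike the neighbouring default constants, which each have one. The commit log says the default is unlimited, and the guard added in NettyImapRequestLineReader only applies when the value is greater than 0, so a comment such as `// 0 (or any non-positive value) means literals are not size-limited` would make that explicit. Since the limit is a security control that is off by default, the `literalSizeLimit` key should also be described wherever the other IMAP server settings are documented, so operators know to set it.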
@@ -105,6 +109,8 @@ public class IMAPServer extends Abstract compress = configuration.getBoolean("compress", false); maxLineLength = configuration.getInt("maxLineLength", DEFAULT_MAX_LINE_LENGTH); inMemorySizeLimit = configuration.getInt("inMemorySizeLimit", DEFAULT_IN_MEMORY_SIZE_LIMIT); + literalSizeLimit = configuration.getInt("literalSizeLimit", DEFAULT_LITERAL_SIZE_LIMIT); + plainAuthDisallowed = configuration.getBoolean("plainAuthDisallowed", false); timeout = configuration.getInt("timeout", DEFAULT_TIMEOUT); if (timeout < DEFAULT_TIMEOUT) { @@ -169,7 +175,7 @@ public class IMAPServer extends Abstract pipeline.addLast(EXECUTION_HANDLER, ehandler); } - pipeline.addLast(REQUEST_DECODER, new ImapRequestFrameDecoder(decoder, inMemorySizeLimit)); + pipeline.addLast(REQUEST_DECODER, new ImapRequestFrameDecoder(decoder, inMemorySizeLimit, literalSizeLimit)); pipeline.addLast(CORE_HANDLER, createCoreHandler()); return pipeline; Modified: james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/ImapRequestFrameDecoder.java URL: http://svn.apache.org/viewvc/james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/ImapRequestFrameDecoder.java?rev=1236850&r1=1236849&r2=1236850&view=diff ============================================================================== --- james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/ImapRequestFrameDecoder.java (original) +++ james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/ImapRequestFrameDecoder.java Fri Jan 27 19:30:23 2012 
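Review bot: The value read by `configuration.getInt("literalSizeLimit", DEFAULT_LITERAL_SIZE_LIMIT)` in the first hunk on this line is stored without any range check. Because the reader only enforces the limit when it is greater than 0, a negative or mistyped value silently turns the protection off. I would treat a negative value as a configuration error, in the same place as the `timeout < DEFAULT_TIMEOUT` check visible just below (its body is outside the hunk), with a guard like `if (literalSizeLimit < 0) { /* reject the configuration */ }`. Logging the effective limit at startup would also make an unintentionally unlimited server easier to spot.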
@@ -50,13 +50,15 @@ public class ImapRequestFrameDecoder ext private final ImapDecoder decoder; private final int inMemorySizeLimit; + private final int literalSizeLimit; private final static String NEEDED_DATA = "NEEDED_DATA"; private final static String STORED_DATA = "STORED_DATA"; private final static String WRITTEN_DATA = "WRITTEN_DATA"; - public ImapRequestFrameDecoder(ImapDecoder decoder, int inMemorySizeLimit) { + public ImapRequestFrameDecoder(ImapDecoder decoder, int inMemorySizeLimit, int literalSizeLimit) { this.decoder = decoder; this.inMemorySizeLimit = inMemorySizeLimit; + this.literalSizeLimit = literalSizeLimit; } @Override @@ -152,10 +154,10 @@ public class ImapRequestFrameDecoder ext } else { - reader = new NettyImapRequestLineReader(channel, buffer, retry); + reader = new NettyImapRequestLineReader(channel, buffer, retry, literalSizeLimit); } } else { - reader = new NettyImapRequestLineReader(channel, buffer, retry); + reader = new NettyImapRequestLineReader(channel, buffer, retry, literalSizeLimit); } ImapSession session = (ImapSession) attributes.get(channel); Modified: james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapRequestLineReader.java URL: http://svn.apache.org/viewvc/james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapRequestLineReader.java?rev=1236850&r1=1236849&r2=1236850&view=diff ============================================================================== --- james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapRequestLineReader.java (original) +++ james/server/trunk/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapRequestLineReader.java Fri Jan 27 19:30:23 2012 
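Review bot: Only the two `else` branches visible in the second hunk pass `literalSizeLimit` to `NettyImapRequestLineReader`; the branch before the first `} else {` lies outside the hunk. If that branch builds a different reader, for example for literals larger than `inMemorySizeLimit`, please confirm the limit is enforced before that path can be reached. Otherwise the cap may cover only the in-memory case. A short comment at that point, such as `// literal size was already checked against literalSizeLimit on the first pass`, would record the assumption.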
@@ -22,6 +22,7 @@ package org.apache.james.imapserver.nett import java.io.InputStream; import org.apache.commons.io.input.BoundedInputStream; +import org.apache.james.imap.api.display.HumanReadableText; import org.apache.james.imap.decode.DecodingException; import org.apache.james.imap.decode.ImapRequestLineReader; import org.apache.james.imap.decode.base.EolInputStream; @@ -39,12 +40,14 @@ public class NettyImapRequestLineReader private ChannelBuffer buffer; private int read = 0; + private final int maxLiteralSize; - public NettyImapRequestLineReader(Channel channel, ChannelBuffer buffer, boolean retry) { + public NettyImapRequestLineReader(Channel channel, ChannelBuffer buffer, boolean retry, int maxLiteralSize) { super(channel, retry); this.buffer = buffer; - + this.maxLiteralSize = maxLiteralSize; } + /** * Return the next char to read. This will return the same char on every @@ -80,6 +83,10 @@ public class NettyImapRequestLineReader if (extraCRLF) { crlf = 2; } + + if (maxLiteralSize > 0 && maxLiteralSize > size) { + throw new DecodingException(HumanReadableText.FAILED, "Specified literal is greater then the allowed size"); + } // Check if we have enough data if (size + crlf > buffer.readableBytes()) { // ok let us throw a exception which till the decoder how many more --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
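Review bot: The guard added in the last hunk is inverted: `maxLiteralSize > 0 && maxLiteralSize > size` throws for every literal smaller than the configured limit and lets anything larger through. Once a limit is set, ordinary commands are rejected while oversized literals are still accepted, so the memory-exhaustion protection this commit intends is not in effect. The condition should be `if (maxLiteralSize > 0 && size > maxLiteralSize) {`, and the message should read "greater than the allowed size". The method containing the check starts and ends outside the hunk, so how `size` is validated before this point cannot be confirmed from the visible lines. A unit test with one literal just under the limit and one just over it would catch this.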