james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Norman Maurer <norman.mau...@googlemail.com>
Subject Re: svn commit: r911507 - in /james/server/trunk: mina-socket/src/main/java/org/apache/james/socket/mina/codec/ smtpserver/src/main/java/org/apache/james/smtpserver/mina/
Date Tue, 23 Feb 2010 06:08:38 GMT
True enough.. I will higher the limit and revert my change..

Thx again for review and comments..

Bye,
Norman

2010/2/22 Stefano Bagnara <apache@bago.org>:
> Sure, we can even set it to 10K or even 100K.. but better to limit it
> otherwise it will be an easy exploit target. If we don't want this
> kind of limit then we have to change from line processing to simple
> stream processing.
>
> Stefano
>
> 2010/2/22 Norman Maurer <norman.maurer@googlemail.com>:
>> Hmm ok,
>>
>> I removed it because I had some problems with emails that was send
>> from cron daemons (system reports). Maybe we should just higher the
>> limit on data
>>
>> WDYTH ?
>>
>> Bye,
>> Norman
>>
>> 2010/2/19 Stefano Bagnara <apache@bago.org>:
>>> 2010/2/18  <norman@apache.org>:
>>>> Author: norman
>>>> Date: Thu Feb 18 18:19:52 2010
>>>> New Revision: 911507
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=911507&view=rev
>>>> Log:
>>>> Make sure to only check for max line length while processing not the DATA
command
>>>
>>> Hi Norman, as far as I know the 1000 bytes limit per row in the RFC is
>>> valid also in the DATA command and also for 8BITMIME. The only
>>> extension breaking this limit is BINARY, not 8BITMIME.
>>>
>>> Here is an excerpt from rfc:
>>> ----
>>> Finally, although the
>>>   content body contains arbitrary lines of octet-aligned material, the
>>>   length of each line (number of octets between two CR-LF pairs), is
>>>   still subject to SMTP server line length restrictions (which may
>>>   allow as few as 1000 octets on a single line).
>>>
>>> Read more: http://www.faqs.org/rfcs/rfc1652.html#ixzz0fxKhlkGx
>>> -----
>>>
>>> If we use a line based processor we also have to enforce a line length
>>> limit everywhere or we'll go OOM on very long lines.
>>>
>>> Stefano
>>>
>>>> Modified:
>>>>    james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
>>>>    james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java
>>>>    james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java
>>>>
>>>> Modified: james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
>>>> URL: http://svn.apache.org/viewvc/james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java?rev=911507&r1=911506&r2=911507&view=diff
>>>> ==============================================================================
>>>> --- james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
(original)
>>>> +++ james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
Thu Feb 18 18:19:52 2010
>>>> @@ -33,6 +33,8 @@
>>>>  public class CRLFTerminatedLineDecoder extends CumulativeProtocolDecoder
{
>>>>
>>>>     private int maxLineLength;
>>>> +
>>>> +    private boolean check = true;
>>>>
>>>>     public static int DEFAULT_MAX_LINE_LENTH = 2048;
>>>>
>>>> @@ -52,7 +54,11 @@
>>>>     public CRLFTerminatedLineDecoder() {
>>>>         this(DEFAULT_MAX_LINE_LENTH);
>>>>     }
>>>> +
>>>>
>>>> +    public synchronized void checkLineLengthLimit(boolean check) {
>>>> +        this.check = check;
>>>> +    }
>>>>
>>>>     /*
>>>>      * (non-Javadoc)
>>>> @@ -69,7 +75,7 @@
>>>>         // Now find the first CRLF in the buffer.
>>>>         byte previous = 0;
>>>>
>>>> -        if (maxLineLength != -1 && in.remaining() > maxLineLength)
{
>>>> +        if (check && maxLineLength != -1 && in.remaining()
> maxLineLength) {
>>>>
>>>>             // clear the buffer before throw exception
>>>>             in.clear();
>>>>
>>>> Modified: james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java
>>>> URL: http://svn.apache.org/viewvc/james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java?rev=911507&r1=911506&r2=911507&view=diff
>>>> ==============================================================================
>>>> --- james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java
(original)
>>>> +++ james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/JamesProtocolCodecFactory.java
Thu Feb 18 18:19:52 2010
>>>> @@ -21,6 +21,7 @@
>>>>
>>>>  import java.nio.charset.Charset;
>>>>
>>>> +import org.apache.mina.core.session.AttributeKey;
>>>>  import org.apache.mina.core.session.IoSession;
>>>>  import org.apache.mina.filter.codec.ProtocolCodecFactory;
>>>>  import org.apache.mina.filter.codec.ProtocolDecoder;
>>>> @@ -34,7 +35,9 @@
>>>>  *
>>>>  */
>>>>  public class JamesProtocolCodecFactory  implements ProtocolCodecFactory
{
>>>> -
>>>> +    public static final AttributeKey DECODER_KEY = new AttributeKey(CRLFTerminatedLineDecoder.class,"decoder");
>>>> +    public static final AttributeKey ENCODER_KEY = new AttributeKey(TextLineEncoder.class,"encoder");
>>>> +
>>>>     private final ProtocolEncoder encoder = new TextLineEncoder(Charset.forName("US-ASCII"),
LineDelimiter.CRLF);
>>>>     private final ProtocolDecoder decoder = new CRLFTerminatedLineDecoder();
>>>>
>>>> @@ -43,6 +46,8 @@
>>>>      * @see org.apache.mina.filter.codec.ProtocolCodecFactory#getEncoder(org.apache.mina.core.session.IoSession)
>>>>      */
>>>>     public ProtocolEncoder getEncoder(IoSession arg0) throws Exception
{
>>>> +        arg0.setAttribute(ENCODER_KEY,encoder);
>>>> +
>>>>         return encoder;
>>>>     }
>>>>
>>>> @@ -51,6 +56,7 @@
>>>>      * @see org.apache.mina.filter.codec.ProtocolCodecFactory#getDecoder(org.apache.mina.core.session.IoSession)
>>>>      */
>>>>     public ProtocolDecoder getDecoder(IoSession arg0) throws Exception
{
>>>> +        arg0.setAttribute(DECODER_KEY,decoder);
>>>>         return decoder;
>>>>     }
>>>>  }
>>>>
>>>> Modified: james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java
>>>> URL: http://svn.apache.org/viewvc/james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java?rev=911507&r1=911506&r2=911507&view=diff
>>>> ==============================================================================
>>>> --- james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java
(original)
>>>> +++ james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/mina/SMTPSessionImpl.java
Thu Feb 18 18:19:52 2010
>>>> @@ -33,6 +33,8 @@
>>>>  import org.apache.james.smtpserver.mina.filter.SMTPResponseFilter;
>>>>  import org.apache.james.smtpserver.mina.filter.TarpitFilter;
>>>>  import org.apache.james.socket.mina.AbstractMINASession;
>>>> +import org.apache.james.socket.mina.codec.CRLFTerminatedLineDecoder;
>>>> +import org.apache.james.socket.mina.codec.JamesProtocolCodecFactory;
>>>>  import org.apache.james.socket.mina.filter.FilterLineHandlerAdapter;
>>>>  import org.apache.mina.core.session.IoSession;
>>>>
>>>> @@ -113,6 +115,7 @@
>>>>             if (currentHeloMode != null) {
>>>>                 getState().put(CURRENT_HELO_MODE, currentHeloMode);
>>>>             }
>>>> +
>>>>         }
>>>>
>>>>         /**
>>>> @@ -122,6 +125,9 @@
>>>>             getIoSession().getFilterChain()
>>>>                     .remove("lineHandler" + lineHandlerCount);
>>>>             lineHandlerCount--;
>>>> +            if (lineHandlerCount == 0) {
>>>> +                ((CRLFTerminatedLineDecoder)getIoSession().getAttribute(JamesProtocolCodecFactory.DECODER_KEY)).checkLineLengthLimit(true);
>>>> +            }
>>>>         }
>>>>
>>>>         /**
>>>> @@ -132,6 +138,10 @@
>>>>             getIoSession().getFilterChain().addAfter(SMTPResponseFilter.NAME,
>>>>                     "lineHandler" + lineHandlerCount,
>>>>                     new FilterLineHandlerAdapter<SMTPSession>(overrideCommandHandler,SMTP_SESSION));
>>>> +            // disable the line length limit because we are processing
the data
>>>> +            // not sure if this is the right place todo this
>>>> +            ((CRLFTerminatedLineDecoder)getIoSession().getAttribute(JamesProtocolCodecFactory.DECODER_KEY)).checkLineLengthLimit(false);
>>>> +
>>>>         }
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-dev-help@james.apache.org
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-dev-help@james.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-dev-help@james.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
> For additional commands, e-mail: server-dev-help@james.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message