james-mime4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Burrell Donkin (JIRA)" <mime4j-...@james.apache.org>
Subject [jira] Closed: (MIME4J-57) Add a max limit to header length for parsing.
Date Wed, 04 Feb 2009 20:52:01 GMT

     [ https://issues.apache.org/jira/browse/MIME4J-57?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Robert Burrell Donkin closed MIME4J-57.

Closing all issues fixed previously, after a brief review of each.

> Add a max limit to header length for parsing.
> ---------------------------------------------
>                 Key: MIME4J-57
>                 URL: https://issues.apache.org/jira/browse/MIME4J-57
>             Project: JAMES Mime4j
>          Issue Type: Bug
>    Affects Versions: 0.3
>            Reporter: Stefano Bagnara
>            Priority: Critical
>             Fix For: 0.5
>         Attachments: maxlinelen.patch
> MIME4J-55 showed issues with very long multipart mime boundary.
> It has been fixed by having the buffer size depending on the boundary length. This create
possible issues (OOM/DoS) with malicious messages.
> It would be good to define a maximum length for an header.
> Somewhere in mime rfc or smtp rfc there is a maximum of 998+CRLF ascii bytes per line,
of course we may want to support longer headers, but not very long ones.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message