Return-Path: Delivered-To: apmail-james-mime4j-dev-archive@minotaur.apache.org Received: (qmail 43170 invoked from network); 4 Feb 2009 20:53:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Feb 2009 20:53:03 -0000 Received: (qmail 15037 invoked by uid 500); 4 Feb 2009 20:53:03 -0000 Delivered-To: apmail-james-mime4j-dev-archive@james.apache.org Received: (qmail 15008 invoked by uid 500); 4 Feb 2009 20:53:03 -0000 Mailing-List: contact mime4j-dev-help@james.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mime4j-dev@james.apache.org Delivered-To: mailing list mime4j-dev@james.apache.org Received: (qmail 14988 invoked by uid 99); 4 Feb 2009 20:53:03 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Feb 2009 12:53:03 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Feb 2009 20:53:02 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 0EFC2234C4CF for ; Wed, 4 Feb 2009 12:52:01 -0800 (PST) Message-ID: <84003257.1233780721060.JavaMail.jira@brutus> Date: Wed, 4 Feb 2009 12:52:01 -0800 (PST) From: "Robert Burrell Donkin (JIRA)" To: mime4j-dev@james.apache.org Subject: [jira] Closed: (MIME4J-57) Add a max limit to header length for parsing. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/MIME4J-57?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Burrell Donkin closed MIME4J-57. --------------------------------------- Closing all issues fixed previously, after a brief review of each. > Add a max limit to header length for parsing. > --------------------------------------------- > > Key: MIME4J-57 > URL: https://issues.apache.org/jira/browse/MIME4J-57 > Project: JAMES Mime4j > Issue Type: Bug > Affects Versions: 0.3 > Reporter: Stefano Bagnara > Priority: Critical > Fix For: 0.5 > > Attachments: maxlinelen.patch > > > MIME4J-55 showed issues with very long multipart mime boundary. > It has been fixed by having the buffer size depending on the boundary length. This create possible issues (OOM/DoS) with malicious messages. > It would be good to define a maximum length for an header. > Somewhere in mime rfc or smtp rfc there is a maximum of 998+CRLF ascii bytes per line, of course we may want to support longer headers, but not very long ones. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.