james-mime4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject Re: Incorrect line length limitation while parsing headers
Date Wed, 12 Jan 2011 08:59:44 GMT
2011/1/12 Jesse Long <jpl@unknown.za.net>:
> Hi All,
>
> With regards to the bug - Just changing the wording of the exception is not
> really sufficient. Yes, it will now correctly describe the error, but my
> problem persists. I have a, say, 2300 byte header - I cannot parse it. I
> understand that we must protect against arbitrarily long headers, like a
> 50Mb header, but surely we must also allow a header that spans multiple
> lines. The whole point of header folding is to allow headers longer that
> 1000 chars. So, we must make the header size limit greater than 1000 chars.
> Maybe 10000 chars is an acceptable default header size limit?
>
> I had a look at trunk, and the code has change somewhat. I cant tell quickly
> if the code in trunk is using the 1000 char limit for header size or not.
>
> My request: please perform a release on the 0.6 branch (0.6.2) that allows
> me to parse headers in excess of 1000 chars when using code like:
>
> Message m = new Message(inputStream);

Having a better default makes sense, please file a JIRA issue.
http://issues.apache.org/jira/browse/MIME4J

> On 11/01/2011 10:24, Stefano Bagnara wrote:
>>
>> Hi,
>>
>> in trunk we changed the exception to "max header length exception": as
>> we use a single buffer to store a whole header (even if it is folded
>> in 100 lines) we need to protect from memory usage using such limit.
>> We just released 0.6.1, not sure if we will release 0.6.2 or wait for
>> 0.7. In case we will backport the change from trunk and change the
>> exception description instead of changing the logic.
>>
>> Please file an issue at http://issues.apache.org/jira/browse/MIME4J
>>
>> Stefano
>>
>> 2011/1/11 Jesse Long<jesse@virtualpostman.co.za>:
>>>
>>> Hi,
>>>
>>> Please see the following code in mime4j 0.6:
>>>
>>>
>>> http://james.apache.org/mime4j/xref/org/apache/james/mime4j/parser/AbstractEntity.html#133
>>>
>>> The for loop checks for excess line length in headers based on the
>>> complete
>>> length of the header, not on each individual line in the header.
>>>
>>> So, my header like this:
>>>
>>> X-Header-Name:<980 chars><CRLF>
>>> <20 chars><CRLF>
>>> <25 chars><CRLF>
>>>
>>> fails, because the complete length of the header is>  1000, however, no
>>> line
>>> in the mime message is longer than 1000 chars...
>>>
>>> I suggest just removing the check for excess line length in the
>>> fillFieldBuffer() method.
>>>
>>> Cheers,
>>> Jesse
>>>
>
>

Mime
View raw message