• Alberto Bertogli's avatar
    smtpsrv: Keep reading DATA input even if it's too large · 4edcd79a
    Alberto Bertogli authored
    When the DATA input is too large, we should keep on reading through it
    until we reach the end marker, otherwise there is a security problem:
    the remaining data will be interpreted as SMTP commands, so for example
    a forwarded message that is too long might end up executing SMTP
    commands under an authenticated user.
    This patch implements this behaviour, while being careful not to consume
    extra memory to avoid opening up the possibility of a DoS.
    Note the equivalent logic for single long lines is already implemented.
conn_test.go 3.75 KB