smtp: Limit incoming line length
On the smtp client package, there is no limit to the length of the server's replies, so an evil server could cause a memory exhaustion DoS by issuing very long lines. This patch fixes the bug by limiting the total size of received data. Ideally this would be done per-line instead, but gets much more complex, so this is a compromise. The limit chosen is 2 MiB, which should be plenty for any the total size of server-side replies, considering we only send a single message per connection anyway. This is similar to 06d808c8 (smtpsrv: Limit incoming line length), which was found and reported by Max Mazurov ([email protected]).
Showing with 67 additions and 13 deletions