You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by no...@apache.org on 2006/06/15 04:00:51 UTC

svn commit: r414436 - in /james/server/trunk/src/java/org/apache/james: smtpserver/SMTPHandler.java util/CRLFTerminatedReader.java

Author: noel
Date: Wed Jun 14 19:00:50 2006
New Revision: 414436

URL: http://svn.apache.org/viewvc?rev=414436&view=rev
Log:
Quick fix for CVS-2006-2806

Modified:
    james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java
    james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java

Modified: james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java
URL: http://svn.apache.org/viewvc/james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java?rev=414436&r1=414435&r2=414436&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java (original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java Wed Jun 14 19:00:50 2006
@@ -507,6 +507,8 @@
             return commandLine;
         } catch (CRLFTerminatedReader.TerminationException te) {
             writeLoggedFlushedResponse("501 Syntax error at character position " + te.position() + ". CR and LF must be CRLF paired.  See RFC 2821 #2.7.1.");
+        } catch (CRLFTerminatedReader.LineLengthExceededException llee) {
+            writeLoggedFlushedResponse("500 Line length exceeded. See RFC 2821 #4.5.3.1.");
         }
     }
 

Modified: james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java
URL: http://svn.apache.org/viewvc/james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java?rev=414436&r1=414435&r2=414436&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java (original)
+++ james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java Wed Jun 14 19:00:50 2006
@@ -47,6 +47,12 @@
         }
     }
 
+    public class LineLengthExceededException extends IOException {
+        public LineLengthExceededException(String s) {
+            super(s);
+        }
+    }
+
     /**
      * Constructs this CRLFTerminatedReader.
      * @param in an InputStream
@@ -98,7 +104,10 @@
          */ 
         boolean cr_just_received = false;
 
-        while (true){
+        // Until we add support for specifying a maximum line lenth as
+        // a Service Extension, limit lines to 2K, which is twice what
+        // RFC 2821 4.5.3.1 requires.
+        while (lineBuffer.length() <= 2048) {
             int inChar = read();
 
             if (!cr_just_received){
@@ -135,6 +144,7 @@
                 }
             }
         }//while
+        throw new LineLengthExceededException("Exceeded maximum line length");
     }//method readLine()
 
     public int read() throws IOException {



---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org