You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by no...@apache.org on 2006/06/15 04:00:51 UTC
svn commit: r414436 - in /james/server/trunk/src/java/org/apache/james:
smtpserver/SMTPHandler.java util/CRLFTerminatedReader.java
Author: noel
Date: Wed Jun 14 19:00:50 2006
New Revision: 414436
URL: http://svn.apache.org/viewvc?rev=414436&view=rev
Log:
Quick fix for CVS-2006-2806
Modified:
james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java
james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java
Modified: james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java
URL: http://svn.apache.org/viewvc/james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java?rev=414436&r1=414435&r2=414436&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java (original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java Wed Jun 14 19:00:50 2006
@@ -507,6 +507,8 @@
return commandLine;
} catch (CRLFTerminatedReader.TerminationException te) {
writeLoggedFlushedResponse("501 Syntax error at character position " + te.position() + ". CR and LF must be CRLF paired. See RFC 2821 #2.7.1.");
+ } catch (CRLFTerminatedReader.LineLengthExceededException llee) {
+ writeLoggedFlushedResponse("500 Line length exceeded. See RFC 2821 #4.5.3.1.");
}
}
Modified: james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java
URL: http://svn.apache.org/viewvc/james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java?rev=414436&r1=414435&r2=414436&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java (original)
+++ james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java Wed Jun 14 19:00:50 2006
@@ -47,6 +47,12 @@
}
}
+ public class LineLengthExceededException extends IOException {
+ public LineLengthExceededException(String s) {
+ super(s);
+ }
+ }
+
/**
* Constructs this CRLFTerminatedReader.
* @param in an InputStream
@@ -98,7 +104,10 @@
*/
boolean cr_just_received = false;
- while (true){
+ // Until we add support for specifying a maximum line lenth as
+ // a Service Extension, limit lines to 2K, which is twice what
+ // RFC 2821 4.5.3.1 requires.
+ while (lineBuffer.length() <= 2048) {
int inChar = read();
if (!cr_just_received){
@@ -135,6 +144,7 @@
}
}
}//while
+ throw new LineLengthExceededException("Exceeded maximum line length");
}//method readLine()
public int read() throws IOException {
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org