test message size limit directly on the client input

1 files changed, 9 insertions, 5 deletions

diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
index 68a7c3bb..afc4635a 100644
--- a/smtpd/smtp_session.c
+++ b/smtpd/smtp_session.c
@@ -145,6 +145,7 @@ struct smtp_session {
 	size_t			 rcptfail;
 	TAILQ_HEAD(, smtp_rcpt)	 rcpts;
 
+	size_t			 datain;
 	size_t			 odatalen;
 	struct iobuf		 obuf;
 	struct io		 oev;
@@ -265,11 +266,6 @@ dataline_callback(const char *line, void *arg)
 
 	len = strlen(line) + 1;
 
-        if (s->odatalen + len > env->sc_maxsize) {
-                s->msgflags |= MF_ERROR_SIZE;
-                return;
-        }
-
 	if (iobuf_fqueue(&s->obuf, "%s\n", line) != (int)len) {
                 s->msgflags |= MF_ERROR_IO;
                 return;
@@ -2213,6 +2209,7 @@ smtp_message_reset(struct smtp_session *s, int prepare)
 	s->msgflags = 0;
 	s->destcount = 0;
 	s->rcptcount = 0;
+	s->datain = 0;
 	s->odatalen = 0;
 	s->dataeom = 0;
 	s->rcvcount = 0;
@@ -2555,6 +2552,13 @@ smtp_filter_dataline(struct smtp_session *s, const char *line)
 	if (*line == '\0')
 		s->hdrdone = 1;
 
+	/* account for newline */
+	s->datain += strlen(line) + 1;
+	if (s->datain > env->sc_maxsize) {
+		s->msgflags |= MF_ERROR_SIZE;
+		return;
+	}
+
 	/* check for loops */
 	if (!s->hdrdone) {
 		if (strncasecmp("Received: ", line, 10) == 0)