diff options
author | Eric Faurot <eric@faurot.net> | 2015-10-01 22:54:08 +0200 |
---|---|---|
committer | Eric Faurot <eric@faurot.net> | 2015-10-01 22:54:08 +0200 |
commit | d8ba3351c0e4196eb44e0009f9316f9403e97938 (patch) | |
tree | b5060b2747464d672f920db215d22ddaf4f9f7b5 | |
parent | fix stack overflow (diff) | |
download | OpenSMTPD-d8ba3351c0e4196eb44e0009f9316f9403e97938.tar.xz OpenSMTPD-d8ba3351c0e4196eb44e0009f9316f9403e97938.zip |
test message size limit directly on the client input
-rw-r--r-- | smtpd/smtp_session.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c index 68a7c3bb..afc4635a 100644 --- a/smtpd/smtp_session.c +++ b/smtpd/smtp_session.c @@ -145,6 +145,7 @@ struct smtp_session { size_t rcptfail; TAILQ_HEAD(, smtp_rcpt) rcpts; + size_t datain; size_t odatalen; struct iobuf obuf; struct io oev; @@ -265,11 +266,6 @@ dataline_callback(const char *line, void *arg) len = strlen(line) + 1; - if (s->odatalen + len > env->sc_maxsize) { - s->msgflags |= MF_ERROR_SIZE; - return; - } - if (iobuf_fqueue(&s->obuf, "%s\n", line) != (int)len) { s->msgflags |= MF_ERROR_IO; return; @@ -2213,6 +2209,7 @@ smtp_message_reset(struct smtp_session *s, int prepare) s->msgflags = 0; s->destcount = 0; s->rcptcount = 0; + s->datain = 0; s->odatalen = 0; s->dataeom = 0; s->rcvcount = 0; @@ -2555,6 +2552,13 @@ smtp_filter_dataline(struct smtp_session *s, const char *line) if (*line == '\0') s->hdrdone = 1; + /* account for newline */ + s->datain += strlen(line) + 1; + if (s->datain > env->sc_maxsize) { + s->msgflags |= MF_ERROR_SIZE; + return; + } + /* check for loops */ if (!s->hdrdone) { if (strncasecmp("Received: ", line, 10) == 0) |