smtpsrv: Keep reading DATA input even if it's too large

When the DATA input is too large, we should keep on reading through it until we reach the end marker, otherwise there is a security problem: the remaining data will be interpreted as SMTP commands, so for example a forwarded message that is too long might end up executing SMTP commands under an authenticated user. This patch implements this behaviour, while being careful not to consume extra memory to avoid opening up the possibility of a DoS. Note the equivalent logic for single long lines is already implemented.
2025-12-17 14:37:02 +00:00 · 2019-12-04 01:46:54 +00:00
parent 28cb9169cc
commit 4edcd79a25
3 changed files with 85 additions and 0 deletions
--- a/internal/smtpsrv/server_test.go
+++ b/internal/smtpsrv/server_test.go
@@ -349,6 +349,15 @@ func TestTooMuchData(t *testing.T) {
 	if err == nil || err.Error() != "552 5.3.4 Message too big" {
 		t.Fatalf("Expected message too big, got: %v", err)
 	}
+
+	// Repeat the test once again, the limit should not prevent connection
+	// from continuing.
+	localC.Expect(1)
+	err = sendLargeEmail(t, c, maxDataSizeMiB-1)
+	if err != nil {
+		t.Errorf("Error sending large but ok email: %v", err)
+	}
+	localC.Wait()
 }

 func simpleCmd(t *testing.T, c *smtp.Client, cmd string, expected int) string {