smtpsrv: Limit incoming line length and improve large message handling

Currently, there is no limit to incoming line length, so an evil client could cause a memory exhaustion DoS by issuing very long lines. This patch fixes the bug by limiting the size of the lines. To do that, we replace the textproto.Conn with a pair of buffered reader and writer, which simplify the code and allow for better and cleaner control. Thanks to Max Mazurov (fox.cpp@disroot.org) for finding and reporting this issue.
2025-12-17 14:37:02 +00:00 · 2019-12-01 01:30:36 +00:00
parent d7006d0e16
commit 99df5e7b57
4 changed files with 134 additions and 17 deletions
--- a/internal/smtpsrv/server.go
+++ b/internal/smtpsrv/server.go
@@ -6,7 +6,6 @@ import (
 	"flag"
 	"net"
 	"net/http"
-	"net/textproto"
 	"path"
 	"time"

@@ -247,7 +246,6 @@ func (s *Server) serve(l net.Listener, mode SocketMode) {
 			maxDataSize:    s.MaxDataSize,
 			postDataHook:   pdhook,
 			conn:           conn,
-			tc:             textproto.NewConn(conn),
 			mode:           mode,
 			tlsConfig:      s.tlsConfig,
 			onTLS:          mode.TLS,