mirror of https://blitiri.com.ar/repos/chasquid synced 2026-01-28 20:56:03 +00:00

smtp: Limit incoming line length

On the smtp client package, there is no limit to the length of the
server's replies, so an evil server could cause a memory exhaustion DoS
by issuing very long lines.

This patch fixes the bug by limiting the total size of received data.
Ideally this would be done per-line instead, but gets much more complex,
so this is a compromise.

The limit chosen is 2 MiB, which should be plenty for the total size
of server-side replies, considering we only send a single message per
connection anyway.

This is similar to 06d808c (smtpsrv: Limit incoming line length), which
was found and reported by Max Mazurov (fox.cpp@disroot.org).
Alberto Bertogli
2019-12-01 02:38:38 +00:00
parent bf01fab893
commit d7006d0e16
2 changed files with 67 additions and 13 deletions
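
The effect of the total-size cap described in the commit message, shown as an added example that is not chasquid's code. `readReply`, `endlessLine` and `errReplyBudget` are hypothetical names, the hostile server is a constructed reader, and the 64 KiB budget is chosen for the demo.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net/textproto"
	"strings"
)

var errReplyBudget = errors.New("smtp: reply byte budget exhausted")

// endlessLine is a constructed stand-in for a hostile server: it sends
// "250 " followed by 'A' bytes forever and never terminates the line.
type endlessLine struct{ sent int64 }

func (e *endlessLine) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 'A'
	}
	if e.sent == 0 {
		copy(p, "250 ")
	}
	e.sent += int64(len(p))
	return len(p), nil
}

// readReply (hypothetical helper) reads one SMTP reply from src and fails
// once limit bytes have been consumed, so the line buffer cannot grow past it.
func readReply(src io.Reader, limit int64) (int, string, error) {
	lr := &io.LimitedReader{R: src, N: limit}
	tp := textproto.NewReader(bufio.NewReader(lr))
	code, msg, err := tp.ReadResponse(250)
	if lr.N <= 0 {
		// Budget spent: report it explicitly rather than passing on
		// whatever the parser made of the truncated input.
		return 0, "", errReplyBudget
	}
	return code, msg, err
}

func main() {
	const limit = 64 * 1024 // small budget for the demo; the commit uses 2 MiB
	fmt.Println(readReply(strings.NewReader("250 2.0.0 OK\r\n"), limit))
	evil := &endlessLine{}
	_, _, err := readReply(evil, limit)
	fmt.Println(err, "after", evil.sent, "bytes")
}
```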


@@ -7,6 +7,8 @@
package smtp
import (
"bufio"
"io"
"net"
"net/smtp"
"net/textproto"
@@ -28,6 +30,14 @@ func NewClient(conn net.Conn, host string) (*Client, error) {
if err != nil {
return nil, err
}
// Wrap the textproto.Conn reader so we are not exposed to a memory
// exhaustion DoS on very long replies from the server.
// Limit to 2 MiB total (all replies through the lifetime of the client),
// which should be plenty for our uses of SMTP.
lr := &io.LimitedReader{R: c.Text.Reader.R, N: 2 * 1024 * 1024}
c.Text.Reader.R = bufio.NewReader(lr)
return &Client{c}, nil
}
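Review bot: the limit is installed only after c has been built and its error checked, so anything the server sends while c is being set up (the greeting, if the constructor reads it) still goes through the unwrapped c.Text.Reader.R with no bound; consider bounding the read side of conn before the client is constructed, or state in the comment that setup is excluded. Separately, because N counts bytes over the client's whole lifetime, running out will reach callers as an ordinary read error from the text reader rather than one that says the budget was hit; a named constant for 2 * 1024 * 1024 and a distinct error for the exhausted case would make it recognisable in logs.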