mirror of
https://github.com/mjl-/mox.git
synced 2025-07-10 07:54:40 +03:00
imapserver: prevent unbounded memory allocations when handling a command
some commands, like search, can specify any number of literals, of arbitrary size. we already limited individual literals to 100kb. but you could specify many of them, causing unbounded memory consumption. this change adds a limit of 1000 literals in a command, and a limit of 1mb of total combined memory for literals. once the limits are exceeded, a TOOBIG error code is returned. unbounded memory use could only be triggered on authenticated connections. this addresses the same issue as CVE-2024-34055 for cyrus-imap, by damian poddebniak.
This commit is contained in:
@ -2729,7 +2729,7 @@ func (c *conn) cmdAppend(tag, cmd string, p *parser) {
|
||||
// todo: this is only relevant if we also support the CATENATE extension?
|
||||
// ../rfc/6855:204
|
||||
utf8 := p.take("UTF8 (")
|
||||
size, sync := p.xliteralSize(0, utf8)
|
||||
size, sync := p.xliteralSize(utf8, false)
|
||||
|
||||
name = xcheckmailboxname(name, true)
|
||||
c.xdbread(func(tx *bstore.Tx) {
|
||||
|
Reference in New Issue
Block a user