Closed Udera closed 7 years ago
rimas-kudelis
commented
7 years ago @Udera is there any rationale to really reject based on "too many MIME parts", "Excessive line length", "Filename length too long" or "MIME boundary length too long"? All of these situations seem quite unlikely, and don't seem dangerous unless your MUA is prone to buffer overflows. Do these edge cases at least contradict any standards?
Udera
commented
7 years ago I didn't find a limit for the number of MIME parts. For the line length, I found this: https://tools.ietf.org/html/rfc5322#section-2.1.1 but I'm not sure if it applies at this point?
The file name length is limited by the file system and NTFS is imposing the 255 character limit (I think to remember). Other users might want to use longer filenames.
Let's only keep the line length if this RFC applies. I wouldn't object to remove the others.
Udera
commented
7 years ago I removed all the additional rules. I linked a document in the exim-wiki if someone needs more protection for vulnerable mail clients. The line length is specified in the RFC, but not for binary content. Probably doesn't apply therefore, but I didn't have time to test this extensively.
I tested the current patch on Exim 4.88 on FreeBSD and Debian 8 (4.84).
@rimas-kudelis any more suggestions?
rimas-kudelis
commented
7 years ago I haven't tested this myself, but there's no reason not to merge if you have and it works fine for you.
Fixes https://github.com/vexim/vexim2/issues/232.
@ecki please test.