Author exarkun
Recipients
Date 2006-10-28.03:41:31
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to
Content
Logged In: YES 
user_id=366566

The code in smtp_DATA isn't factored to allow subclasses to
limit the amount of data received.  As is, the server is
vulnerable to a memory exhaustion attack, since it doesn't
implement any kind of limit on the number of lines buffered
in memory.  It should at least provide a hook for this, even
if it still doesn't enforce any limits.

History
Date User Action Args
2007-08-23 15:40:28adminlinkissue1057417 messages
2007-08-23 15:40:28admincreate