[Twisted-Python] Re: IMAP fixes

Anders Hammarquist iko at cd.chalmers.se
Thu Jul 3 05:09:10 MDT 2003


In a message of Thu, 03 Jul 2003 05:11:22 EDT, Jp Calderone writes:
>  Great stuff, I really really like your solution to the parsing problem. 
>The patch is now applied, with a couple changes:

[...]

>  I am unsure about the usefulness of the LiteralString class in its current
>state.  It seems to open up the possiblity of an unbounded memory usage
>attack against the server.  I'm considering either removing it and using
>LiteralFile in its place, or adding a limit to the size of string it will
>accept (something on the order of a kilobyte or two, though I will check
>exactly what might get passed to it by a benign client before picking a
>default limit).  Do you have any particular reason to want to keep it, or to
>keep it unlimited?

Yes, I absolutely want to keep it, but there should be no reason to keep
it unlimitied. There are lots of places (particularly for mailbox names)
where the grammar accepts atom or quoted or literal, and it would be a
nightmare to have to deal with a string that sometimes may be a file (and
keeping short strings like "inbox" in a file seems silly too). So please
keep it, but I see no problems with limiting it to a few kb.

How about this:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-patch
Size: 1011 bytes
Desc: twisted-imap-030703
URL: </pipermail/twisted-python/attachments/20030703/6f101ea7/attachment-0002.bin>
-------------- next part --------------
>  I suppose I will be thinking about how to apply a similar change to the
>client code, where it will have (at least to me ;) a much more noticable
>affect on performance.  It seems a little tougher, but maybe a mapping of
>responses to parsers would do the job...  Any ideas in this area would be
>welcome :)

I'll have a look at it and see if I can come up with any ideas.

/Anders

-- 
 -- Of course I'm crazy, but that doesn't mean I'm wrong.
Anders Hammarquist                                  | iko at cd.chalmers.se
Physics student, Chalmers University of Technology, | Hem: +46 31 88 48 50
G|teborg, Sweden.           RADIO: SM6XMM and N2JGL | Mob: +46 707 27 86 87


More information about the Twisted-Python mailing list