On 19.2.2014, at 15.15, Jernej Porenta <jernej.porenta at arnes.si> wrote:
> we are seeing some strange issues with IMAP ID command using latest
Roundcube builds on dovecot 2.2.10 responding "Input buffer full,
aborting".
>
> Roundcube webmail connects to IMAP server and issues ID command first with
some long arguments to ID command, however shorter than 1024 octets, which are
specified in RFC2971 for ID IMAP extension.
>
> The situation is easily reproducible (see http://pastebin.com/q4HX4wqb):
> # telnet hostname 143
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN AUTH=LOGIN] Server ready.
> . ID ("name" "Roundcube" "version"
"1.0-git" "php" "5.3.3" "os"
"Linux" "command"
"<$long_less_than_1024_octets_string>")
> * BYE Input buffer full, aborting
>
> However, this problem does not occur when user is already logged in.
Before logging in Dovecot uses pretty strict limits on memory usage to avoid
DoSing it.
> RFC2971 is saying "Field strings MUST NOT be longer than 30 octets.
Value strings MUST NOT be longer than 1024 octets. Implementations MUST NOT send
more than 30 field-value pairs."
>
> IMHO, dovecot is handling ID command before successful login successfully
only if the length of the whole command is less than 1024 octets (exactly 861
octets is working fine, over that "Input buffer full" occurs).
>
> I tried finding the reference in the source code, however I am unable to
find where this limit actually occurs (maybe IMAP_ARG_STRING imap_arg->type?)
lib-master/master-auth.h MASTER_AUTH_MAX_DATA_SIZE affects it. Anyway, after
thinking about this for a while I guess it's good to be RFC compliant, so I
added some extra code to handle this better:
http://hg.dovecot.org/dovecot-2.2/rev/3ecb2b831402
Although it's still probably not 100% RFC compliant, as it allows the
maximum IMAP string parameter to be 1024 bytes before dropping the '\'
escaping from \" quotes.