smtpd: limit data read & safer rebuild; imapd: stable UID mapping & s… #1
Conversation
…afe prefix checks
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| return fmt.Errorf("无效的邮箱地址: %s", to) | ||
| } | ||
| domain := parts[1] | ||
| parts := strings.Split(to, "@")[1] |
There was a problem hiding this comment.
Bug: Unvalidated Email Split Causes Crash
The code directly accesses strings.Split(to, "@")[1] without checking if the email address contains an @ symbol. If to doesn't contain @, the split returns a slice with only one element, causing an index out of bounds panic when accessing [1].
| // 如果解析失败,可能是缺少邮件头,需要重新构建 | ||
| logger.Warn().Err(err).Msg("邮件解析失败,尝试重新构建邮件头") | ||
| previewLen := 1024 | ||
| logger.Warn().Err(err).Hex("preview", rawData[:previewLen]).Msg("邮件解析失败,尝试重新构建邮件头") |
There was a problem hiding this comment.
Bug: Preview logic panics with small data.
The code slices rawData[:previewLen] where previewLen is 1024, but doesn't check if len(rawData) is at least 1024 bytes. This causes a slice bounds out of range panic when the email data is smaller than 1024 bytes.
…afe prefix checks
Note
Adds a 50 MiB SMTP DATA limit with safer failure logging and introduces stable UID hashing in IMAP while stubbing/simplifying many IMAP/SMTP handlers.
50 MiBlimit inSession.Datausingio.LimitReader; returns552when exceeded.Rcptto validate recipients by domain only.Reset.stableUIDFromID(FNV-1a) for stableuint32UIDs from string IDs.LoginandUserstruct; large mailbox operations (ListMailboxes,GetMailbox, etc.) replaced with stubs.Written by Cursor Bugbot for commit fefd312. This will update automatically on new commits. Configure here.