On 19.2.2014, at 15.15, Jernej Porenta <jernej.porenta@arnes.si> wrote:
we are seeing some strange issues with IMAP ID command using latest Roundcube builds on dovecot 2.2.10 responding "Input buffer full, aborting".
Roundcube webmail connects to IMAP server and issues ID command first with some long arguments to ID command, however shorter than 1024 octets, which are specified in RFC2971 for ID IMAP extension.
The situation is easily reproducible (see http://pastebin.com/q4HX4wqb): # telnet hostname 143
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Server ready. . ID ("name" "Roundcube" "version" "1.0-git" "php" "5.3.3" "os" "Linux" "command" "<$long_less_than_1024_octets_string>")
- BYE Input buffer full, aborting
However, this problem does not occur when user is already logged in.
Before logging in Dovecot uses pretty strict limits on memory usage to avoid DoSing it.
RFC2971 is saying "Field strings MUST NOT be longer than 30 octets. Value strings MUST NOT be longer than 1024 octets. Implementations MUST NOT send more than 30 field-value pairs."
IMHO, dovecot is handling ID command before successful login successfully only if the length of the whole command is less than 1024 octets (exactly 861 octets is working fine, over that "Input buffer full" occurs).
I tried finding the reference in the source code, however I am unable to find where this limit actually occurs (maybe IMAP_ARG_STRING imap_arg->type?)
lib-master/master-auth.h MASTER_AUTH_MAX_DATA_SIZE affects it. Anyway, after thinking about this for a while I guess it's good to be RFC compliant, so I added some extra code to handle this better: http://hg.dovecot.org/dovecot-2.2/rev/3ecb2b831402
Although it's still probably not 100% RFC compliant, as it allows the maximum IMAP string parameter to be 1024 bytes before dropping the '\' escaping from \" quotes.