ietf-nntp Server response length limits

Tue Mar 12 23:42:56 PST 2002

On 12 Mar 2002, Andrew Gierth wrote:

> >>>>> "Clive" == Clive D W Feather <clive at demon.net> writes:
>
>  >> A single-line server response must begin with a response code, and other
>  >> than that can be of unbounded length.  Is this true?
>
>  Clive> That's right.
>
> that's a weakness that needs to be fixed, then. There is no reason to
> allow unbounded lengths of single-line response, and most existing
> software is broken by unduly long response lines. The single-line
> response should be limited to 512 octets including the CRLF (and the
> including the initial three digits and space).

So...I've been working with Chris Newman on AUTHINFO SASL.  The reason I
asked the above was because we're running into issues with the line
lengths, as SASL sometimes likes to put data in the initial command of
the exchange.

The solutions which seems most elegant to me is the following:

- Stan modifies the extensions mechanism to allow extensions to
  increase the line length limit.  (Chris points out that we have
  precedent on this; see the relevant bit of the ESMTP spec at
  the end of this message.)  I'd be willing to suggest wording
  for this if necessary.

- We get the SASL spec revised to require that when a mechanism
  is registered, the maximum size of an exchange be given.  Chris
  plans to ask John Myers to include this in the current draft
  which revises RFC 2222; he doesn't think it will be a problem.

- In the AUTHINFO SASL extension, we require an implementation to
  support a line length limit which is based on the max size of an
  exchange in the SASL mechanism (of those it implements) with
  the largest maximum, scaled up to account for base64 overhead.

How does this sound to people?

---- from RFC 1869 ---------------------------------------------------

4.1.2.  Maximum command line length

   This specification extends the SMTP MAIL FROM and RCPT TO to allow
   additional parameters and parameter values.  It is possible that the
   MAIL FROM and RCPT TO lines that result will exceed the 512 character
   limit on command line length imposed by RFC 821.  This limit is
   hereby amended to only apply to command lines without any parameters.
   Each specification that defines new MAIL FROM or RCPT TO parameters
   must also specify maximum parameter value lengths for each parameter
   so that implementors of some set of extensions know how much buffer
   space must be allocated. The maximum command length that must be
   supported by an SMTP implementation with extensions is 512 plus the
   sum of all the maximum parameter lengths for all the extensions
   supported.

----------------------------------------------------------------------

-- 
Jeffrey M. Vinocur
jeff at litech.org