✨ Make max_response_size configurable [🚧 partial]

nevans · nevans · commit 5431e16b7792 · 2025-04-20T23:04:16.000-04:00
Note that this cherry-picked commit is missing key paits that are
incompatible with net-imap before 0.4.  I'm keeping the conflict
resolution here, and the updates for net-imap 0.3 in the next commit.

------

Though it would be useful to also have limits based on response type and
what commands are currently running, that's out of scope for now.

_Please note:_ this only limits the size per response.  It does _not_
limit how many unhandled responses may be stored on the responses hash.
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
@@ -133,6 +133,10 @@ module Net
   #
   # Use paginated or limited versions of commands whenever possible.
   #
+  # Use Config#max_response_size to impose a limit on incoming server responses
+  # as they are being read.  <em>This is especially important for untrusted
+  # servers.</em>
+  #
   # Use #add_response_handler to handle responses after each one is received.
   # Use the +response_handlers+ argument to ::new to assign response handlers
   # before the receiver thread is started.
@@ -313,6 +317,17 @@ class << self
       alias default_ssl_port default_tls_port
     end
 
+    ##
+    # :attr_accessor: max_response_size
+    #
+    # The maximum allowed server response size, in bytes.
+    # Delegates to {config.max_response_size}[rdoc-ref:Config#max_response_size].
+
+    # :stopdoc:
+    def max_response_size;      config.max_response_size       end
+    def max_response_size=(val) config.max_response_size = val end
+    # :startdoc:
+
     # Disconnects from the server.
     def disconnect
       return if disconnected?
diff --git a/lib/net/imap/response_reader.rb b/lib/net/imap/response_reader.rb
@@ -52,7 +52,7 @@ def read_limit(limit = nil)
         [limit, max_response_remaining!].compact.min
       end
 
-      def max_response_size      = 512 << 20 # TODO: Config#max_response_size
+      def max_response_size      = client.max_response_size
       def max_response_remaining = max_response_size &.- bytes_read
       def response_too_large?    = max_response_size &.< min_response_size
       def min_response_size      = bytes_read + min_response_remaining
diff --git a/test/net/imap/test_imap_max_response_size.rb b/test/net/imap/test_imap_max_response_size.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require "net/imap"
+require "test/unit"
+require_relative "fake_server"
+
+class IMAPMaxResponseSizeTest < Test::Unit::TestCase
+  include Net::IMAP::FakeServer::TestHelper
+
+  def setup
+    Net::IMAP.config.reset
+    @do_not_reverse_lookup = Socket.do_not_reverse_lookup
+    Socket.do_not_reverse_lookup = true
+    @threads = []
+  end
+
+  def teardown
+    if !@threads.empty?
+      assert_join_threads(@threads)
+    end
+  ensure
+    Socket.do_not_reverse_lookup = @do_not_reverse_lookup
+  end
+
+  test "#max_response_size reading literals" do
+    with_fake_server(preauth: true) do |server, imap|
+      imap.max_response_size = 12_345 + 30
+      server.on("NOOP") do |resp|
+        resp.untagged("1 FETCH (BODY[] {12345}\r\n" + "a" * 12_345 + ")")
+        resp.done_ok
+      end
+      imap.noop
+      assert_equal "a" * 12_345, imap.responses("FETCH").first.message
+    end
+  end
+
+  test "#max_response_size closes connection for too long line" do
+    Net::IMAP.config.max_response_size = 10
+    run_fake_server_in_thread(preauth: false, ignore_io_error: true) do |server|
+      assert_raise_with_message(
+        Net::IMAP::ResponseTooLargeError, /exceeds max_response_size .*\b10B\b/
+      ) do
+        with_client("localhost", port: server.port) do
+          fail "should not get here (greeting longer than max_response_size)"
+        end
+      end
+    end
+  end
+
+  test "#max_response_size closes connection for too long literal" do
+    Net::IMAP.config.max_response_size = 1<<20
+    with_fake_server(preauth: false, ignore_io_error: true) do |server, client|
+      client.max_response_size = 50
+      server.on("NOOP") do |resp|
+        resp.untagged("1 FETCH (BODY[] {1000}\r\n" + "a" * 1000 + ")")
+      end
+      assert_raise_with_message(
+        Net::IMAP::ResponseTooLargeError,
+        /\d+B read \+ 1000B literal.* exceeds max_response_size .*\b50B\b/
+      ) do
+        client.noop
+        fail "should not get here (FETCH literal longer than max_response_size)"
+      end
+    end
+  end
+
+end
diff --git a/test/net/imap/test_response_reader.rb b/test/net/imap/test_response_reader.rb
@@ -6,6 +6,7 @@
 
 class ResponseReaderTest < Test::Unit::TestCase
   class FakeClient
+    def max_response_size = config.max_response_size
   end
 
   def literal(str) "{#{str.bytesize}}\r\n#{str}" end
@@ -44,22 +45,14 @@ def literal(str) "{#{str.bytesize}}\r\n#{str}" end
     assert_equal "",           rcvr.read_response_buffer.to_str
   end
 
-  class LimitedResponseReader < Net::IMAP::ResponseReader
-    attr_reader :max_response_size
-    def initialize(*args, max_response_size:)
-      super(*args)
-      @max_response_size = max_response_size
-    end
-  end
-
   test "#read_response_buffer with max_response_size" do
     client = FakeClient.new
-    max_response_size = 10
+    client.config.max_response_size = 10
     under = "+ 3456\r\n"
     exact = "+ 345678\r\n"
     over  = "+ 3456789\r\n"
     io = StringIO.new([under, exact, over].join)
-    rcvr = LimitedResponseReader.new(client, io, max_response_size:)
+    rcvr = Net::IMAP::ResponseReader.new(client, io)
     assert_equal under, rcvr.read_response_buffer.to_str
     assert_equal exact, rcvr.read_response_buffer.to_str
     assert_raise Net::IMAP::ResponseTooLargeError do
