From: Jeff King <peff@peff.net>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>
Subject: Re: [PATCH] imap-send: increase command size limit
Date: Tue, 16 Apr 2024 20:24:54 -0400 [thread overview]
Message-ID: <20240417002454.GA2305596@coredump.intra.peff.net> (raw)
In-Reply-To: <85047e64-044f-4bf8-8de9-33b082255f3e@web.de>
On Tue, Apr 16, 2024 at 06:08:05PM +0200, René Scharfe wrote:
> > Shouldn't socket_write() just use size_t / ssize_t?
>
> Probably size_t.
Yes, but you need ssize_t to handle the negative return values.
> > In particular, this made me wonder what we would do for larger items.
> > Like, say, the actual message to be uploaded. And indeed, we use a
> > strbuf to read in the messages and pass the whole buffer for each to
> > socket_write(). So we'd possibly quietly truncate such a message.
>
> Hmm, perhaps we should at least sprinkle in some more overflow checks?
Perhaps, but...
> > Fixing it is a little more complicated than switching to size_t, because
> > the underlying SSL_write() uses an int. So we'd probably need some
> > looping, similar to xwrite().
>
> Or SSL_write_ex(), which takes and returns size_t. It was added in
> OpenSSL 1.1.1, which reached its end of life half a year ago.
>
> https://www.openssl.org/docs/man1.1.1/man3/SSL_write.html
> https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
You'd think that when I ran "man SSL_write" while writing the other
email I would have noticed that SSL_write_ex() is mentioned right there
in the synopsis. But somehow I didn't.
I don't think we document a required version for ssl. That version is
"only" 5.5 years old, but I think it would be OK here (especially given
that imap-send is an optional component with a build-time knob).
In which case I think fixing socket_write() would fix this problem, and
then building your other patch on top, it doesn't need to worry about
INT_MAX at all.
Looking at the conversion, I think there's a slight gotcha with
retaining the "0" return value from SSL_write_ex() to pass to
socket_perror() in the error path. Which makes me wonder about that
error path at all; it closes descriptors but doesn't handle SSL at all.
Should it be using socket_shutdown()? And should that function set
sock->ssl to NULL and the descriptors to -1? The rabbit hole of
imap-send is infinite.
> > In practice I doubt this is ever an issue. 2GB emails are not likely to
> > be usable in general.
>
> Tough. Who likes to get multi-GB patches in their inbox? Heard of
> people exchanging CD images by email decades ago, though, so I
> wouldn't rule this out totally. Perhaps that's the last puzzle piece
> to convert game studios to perform email reviews of asset-heavy
> binary diffs? ;-)
OK, I laughed out loud at this. Perhaps a sign of too much Git.
-Peff
prev parent reply other threads:[~2024-04-17 0:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-14 16:47 [PATCH] imap-send: increase command size limit René Scharfe
2024-04-14 17:44 ` brian m. carlson
2024-04-15 18:38 ` Junio C Hamano
2024-04-15 18:45 ` Jeff King
2024-04-16 15:31 ` René Scharfe
2024-04-15 18:55 ` Jeff King
2024-04-16 16:08 ` René Scharfe
2024-04-17 0:24 ` Jeff King [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240417002454.GA2305596@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=l.s.r@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).