On Thu, Jul 24, 2003 at 02:37:25PM -0400, Javier Gostling wrote: > On Thu, Jul 24, 2003 at 05:47:46PM +0100, John Haxby wrote: > > There's a limit of 998 bytes per line in RFC2822, but > > subjects can be folded over several lines. RFC2822 doesn't specify a > > limit and I don't think it needs to ... > > Which leads me to wonder how different MTAs handle the issue. Anyone > else see room for a buffer overflow here? There was a recent buffer overflow with OE and long subject lines. I've seen at least one package (SpamAssassin or MailScanner I think) that truncates subject line at 150 characters just because of this reason. Never assume that an MUA will be coded correctly to take a ridiculously long subject line. Heck, if I was writing code today, I would have thought that 256 bytes would be overkill, but then I don't write code for hostile environments (as in none that gets released!). -- Ed Wilts, Mounds View, MN, USA mailto:ewilts@xxxxxxxxxx Member #1, Red Hat Community Ambassador Program -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list