Describe the bug
`fetcher/fetcher.go` walks the BODYSTRUCTURE tree recursively (`checkPart` and friends). A maliciously-crafted message with deeply nested `multipart/related` (a thousand levels) blows the goroutine stack. Go's default 1MB goroutine stack starts to be a real limit at ~10k-100k frames depending on locals.
Expected behavior
Either:
- limit recursion depth to ~64 (RFC 2046 doesn't specify but anything deeper is pathological)
- convert the walk to an explicit work queue.
Why it's hard
The walk is sprinkled across multiple sites in fetcher; the right fix is a shared `walkPart` iterator that all call sites use. That refactor is the work.