detect malformed MIME messages earlier

Net/src/MultipartReader.cpp

@@ -262,11 +262,13 @@ void MultipartReader::guessBoundary()
 	{
 		_istr.get();
 		ch = _istr.peek();
-		while (ch != eof && ch != '\r' && ch != '\n')
+		while (ch != eof && ch != '\r' && ch != '\n' && _boundary.size() < 128) // Note: should be no longer than 70 chars acc. to RFC 2046
 		{
 			_boundary += (char) _istr.get();
 			ch = _istr.peek();
 		}
+		if (ch != '\r' && ch != '\n')
+			throw MultipartException("Invalid boundary line found");
 		if (ch == '\r' || ch == '\n')
 			_istr.get();
 		if (_istr.peek() == '\n')
@@ -288,18 +290,21 @@ void MultipartReader::parseHeader(MessageHeader& messageHeader)
 bool MultipartReader::readLine(std::string& line, std::string::size_type n)
 {
 	static const int eof = std::char_traits<char>::eof();
+	static const int maxLength = 1024;
 
 	line.clear();
 	int ch = _istr.peek();
-	while (ch != eof && ch != '\r' && ch != '\n')
+	int length = 0;
+	while (ch != eof && ch != '\r' && ch != '\n' && length < maxLength)
 	{
 		ch = (char) _istr.get();
 		if (line.length() < n) line += ch;
 		ch = _istr.peek();
+		length++;
 	}
 	if (ch != eof) _istr.get();
 	if (ch == '\r' && _istr.peek() == '\n') _istr.get();
-	return ch != eof;
+	return ch != eof && length < maxLength;
 }