X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/89b1a5980cf39a0f34186a4c91c3b316c7b2f831..183389fae10672e8d5ffb1f14f23a179798f483a:/src/src/match.c

diff --git a/src/src/match.c b/src/src/match.c
index 6a3314194..bf8cb3b98 100644
--- a/src/src/match.c
+++ b/src/src/match.c
@@ -1269,9 +1269,11 @@ compared. Therefore, Exim now forces the entire address into lower case here,
 provided that "caseless" is set. (It is FALSE for calls for matching rewriting
 patterns.) Otherwise just the domain is lower cases. A magic item "+caseful" in
 the list can be used to restore a caseful copy of the local part from the
-original address. */
+original address.
+Limit the subject address size to avoid mem-exhastion attacks.  The size chosen
+is historical (we used to use big_buffer her). */
 
-if ((len = Ustrlen(address)) > 255) len = 255;
+if ((len = Ustrlen(address)) > BIG_BUFFER_SIZE) len = BIG_BUFFER_SIZE;
 ab.address = string_copyn(address, len);
 
 for (uschar * p = ab.address + len - 1; p >= ab.address; p--)