From d666ea951ee4bd7e6c03505fb388a3be9b9e012a Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Mon, 14 Aug 2023 12:52:34 +0200
Subject: [PATCH] Reject negative MAIL FROM SIZE parameters

---
 conn.go        | 6 +++---
 server_test.go | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/conn.go b/conn.go
index 0225876..e412cb7 100644
--- a/conn.go
+++ b/conn.go
@@ -315,18 +315,18 @@ func (c *Conn) handleMail(arg string) {
 	for key, value := range args {
 		switch key {
 		case "SIZE":
-			size, err := strconv.ParseInt(value, 10, 32)
+			size, err := strconv.ParseUint(value, 10, 32)
 			if err != nil {
 				c.writeResponse(501, EnhancedCode{5, 5, 4}, "Unable to parse SIZE as an integer")
 				return
 			}
 
-			if c.server.MaxMessageBytes > 0 && size > c.server.MaxMessageBytes {
+			if c.server.MaxMessageBytes > 0 && int64(size) > c.server.MaxMessageBytes {
 				c.writeResponse(552, EnhancedCode{5, 3, 4}, "Max message size exceeded")
 				return
 			}
 
-			opts.Size = size
+			opts.Size = int64(size)
 		case "SMTPUTF8":
 			if !c.server.EnableSMTPUTF8 {
 				c.writeResponse(504, EnhancedCode{5, 5, 4}, "SMTPUTF8 is not implemented")
diff --git a/server_test.go b/server_test.go
index 19b751e..7e30044 100644
--- a/server_test.go
+++ b/server_test.go
@@ -514,6 +514,8 @@ func TestServerTooBig(t *testing.T) {
 	defer s.Close()
 	defer c.Close()
 
+	s.MaxMessageBytes = 4294967294
+
 	io.WriteString(c, "MAIL FROM:<alice@wonderland.book> SIZE=4294967295\r\n")
 	scanner.Scan()
 	if strings.HasPrefix(scanner.Text(), "250 ") {