Truncate very long names for scrubbed attachments.

2 files changed, 5 insertions, 1 deletions

diff --git a/Mailman/Handlers/Scrubber.py b/Mailman/Handlers/Scrubber.py
index 97e443b7..cecd11fb 100644
--- a/Mailman/Handlers/Scrubber.py
+++ b/Mailman/Handlers/Scrubber.py
@@ -471,7 +471,8 @@ def save_attachment(mlist, msg, dir, filter_html=True):
             # guessed so attachments can't lie about their type.  Also, if the
             # filename /has/ no extension, then tack on the one we guessed.
             # The extension was removed from the name above.
-            filebase = filename
+            # Allow for extra and ext and keep it under 255 bytes.
+            filebase = filename[:240]
         # Now we're looking for a unique name for this file on the file
         # system.  If msgdir/filebase.ext isn't unique, we'll add a counter
         # after filebase, e.g. msgdir/filebase-cnt.ext
diff --git a/NEWS b/NEWS
index 8a9e2b85..d818e086 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,9 @@ Here is a history of user visible changes to Mailman.
       mailbombing of a member of a list with private rosters by repeated
       subscribe attempts.  (LP: #1883017)
 
+    - Very long filenames for scrubbed attachments are now truncated.
+      (LP: #1884456)
+
 2.1.33 (07-May-2020)
 
   Security