From 53a0828d3ee7eb1ea2726c12495e22e0640dade3 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Sun, 21 Jun 2020 11:45:30 -0700
Subject: Truncate very long names for scrubbed attachments.

---
 Mailman/Handlers/Scrubber.py | 3 ++-
 NEWS                         | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Mailman/Handlers/Scrubber.py b/Mailman/Handlers/Scrubber.py
index 97e443b7..cecd11fb 100644
--- a/Mailman/Handlers/Scrubber.py
+++ b/Mailman/Handlers/Scrubber.py
@@ -471,7 +471,8 @@ def save_attachment(mlist, msg, dir, filter_html=True):
             # guessed so attachments can't lie about their type.  Also, if the
             # filename /has/ no extension, then tack on the one we guessed.
             # The extension was removed from the name above.
-            filebase = filename
+            # Allow for extra and ext and keep it under 255 bytes.
+            filebase = filename[:240]
         # Now we're looking for a unique name for this file on the file
         # system.  If msgdir/filebase.ext isn't unique, we'll add a counter
         # after filebase, e.g. msgdir/filebase-cnt.ext
diff --git a/NEWS b/NEWS
index 8a9e2b85..d818e086 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,9 @@ Here is a history of user visible changes to Mailman.
       mailbombing of a member of a list with private rosters by repeated
       subscribe attempts.  (LP: #1883017)
 
+    - Very long filenames for scrubbed attachments are now truncated.
+      (LP: #1884456)
+
 2.1.33 (07-May-2020)
 
   Security
-- 
cgit v1.2.3