Mailing List Archive: SpamAssassin: devel

[Bug 6823] [review] Malformed messages allow evasion of URIBL checks / Last body line skipped if multipart end boundary missing

Index | Next | Previous | View Threaded

bugzilla-daemon at bugzilla

Aug 12, 2012, 5:24 AM

Post #1 of 5 (175 views)
Permalink

[Bug 6823] [review] Malformed messages allow evasion of URIBL checks / Last body line skipped if multipart end boundary missing

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6823

Henrik Krohns <hege [at] hege> changed:

What |Removed |Added
----------------------------------------------------------------------------
Summary|Malformed messages allow |[review] Malformed messages
|evasion of URIBL checks |allow evasion of URIBL
| |checks / Last body line
| |skipped if multipart end
| |boundary missing

--
You are receiving this mail because:
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Aug 12, 2012, 5:39 AM

Post #2 of 5 (171 views)
Permalink

[Bug 6823] [review] Malformed messages allow evasion of URIBL checks / Last body line skipped if multipart end boundary missing [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6823

João Gouveia <joao.gouveia [at] anubisnetworks> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |joao.gouveia [at] anubisnetwork
| |.com

--
You are receiving this mail because:
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Aug 12, 2012, 8:40 AM

Post #3 of 5 (166 views)
Permalink

[Bug 6823] [review] Malformed messages allow evasion of URIBL checks / Last body line skipped if multipart end boundary missing [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6823

Kevin A. McGrail <kmcgrail [at] pccc> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail [at] pccc

--- Comment #6 from Kevin A. McGrail <kmcgrail [at] pccc> ---
+1 from me. I would say this is urgent and needs testing but from your code,
you are just pushing the last part of the message into the buffer and I can't
predict many issues.

Great catch.

And definitely open another ticket for the idea " Could "missing end boundary"
be a useful rule?"

I don't think the concern that the message was modified/corrupted along the way
should be consider valid. It will fail many other checks such as DKIM as well.

regards,
KAM

--
You are receiving this mail because:
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Aug 13, 2012, 1:07 AM

Post #4 of 5 (167 views)
Permalink

[Bug 6823] [review] Malformed messages allow evasion of URIBL checks / Last body line skipped if multipart end boundary missing [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6823

--- Comment #7 from Henrik Krohns <hege [at] hege> ---
Ok patch as is in trunk..

Sending Message.pm
Transmitting file data .
Committed revision 1372304.

--
You are receiving this mail because:
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Aug 14, 2012, 7:30 AM

Post #5 of 5 (164 views)
Permalink

[Bug 6823] [review] Malformed messages allow evasion of URIBL checks / Last body line skipped if multipart end boundary missing [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6823

--- Comment #8 from Mark Martinec <Mark.Martinec [at] ijs> ---
> Ok patch as is in trunk..
> Committed revision 1372304.

+1 looks alright to me (code inspection)

--
You are receiving this mail because:
You are the assignee for the bug.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads