|Wed 1998-07-29 mark david mcCreary <mdm(_at_)internet-tools(_dot_)com>
| >Literally millions of users worldwide may soon get bit by the MIME
| >filename buffer
| >overflow bug described at
| >This bug is particularly insidious because it can be exploited via
| >by spamming software and could impact millions of users in a very short
| >I would like to try to use procmail to plug the hole at the mail server,
| >by truncating the excessively long file names in the MIME headers.
Thank you. I read the whole thread and I'm sure Era was right suggesting
[era] I believe that the problem isn't really that the
filename is over the allowed length for some platform (Macintoshes
allow something like 27 characters if memory serves) but a bug in
how some particular email clients allocate memory for the file name
string (but I am really only speculating here).
So the MUA software that is used to display the MIME message is the
culprit. I Use Emacs to handle MIME, so it has no such threats, so poor
Microsoft software may get upset and allocate too little space.
So, this has nothing to do with mail or it's content. Procmail can
handle as big messages as you have system and virtual memory. The
only thing you can make Procmail overflow is, when you try to match
too much and your LINEBUF setting is too short. Bute then you made it
to happen yourself :-)
Disd you have any questions about this issue? I even added Note
to the pm-jamime.rc in case someone wants to be paranoid:
Pm-jamime.rc -- subroutine to read mime boundary etc. variables
1998-07-28 Brett Glass <brett(_at_)lariat(_dot_)org> reported in PM-L
there was security exploit in long attachement filenames:
And here is the url to the matter:
When you use this module to detect mime messages, you can check the
filename length with recipe:
# Recipe after calling $RC_MIME, this module,
re = ".........." # regexp with 10 matches
too_long = "$re$re$re$re" # allow 40 characters maximum
*$ $SUPREME^0 MIME_H_ATTACHEMENT ?? $re
*$ $SUPREME^0 MIME_B_ATTACHEMENT ?? $re
dummy = "** Dangerously long mime attachement filename"
dummy = "** $MIME_H_ATTACHEMENT $MIME_B_ATTACHEMENT"