procmail

Re: Help! Need to use procmail to fight dangerous security exploit

1998-07-29 04:26:53
On Tue, 28 Jul 1998 23:45:06 -0700, Gregory Sutter <gsutter(_at_)pobox(_dot_)com> wrote:
CHAR=[-_0-9A-Za-z]
:0

(You are missing some flags here. See below.)

* ^Content-Disposition:[     ]*attachment;[  
]*filename="\/($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)

(And here, you need a $ modifier. Added below.)

| formail -I 'Content-Disposition: attachment; filename="$MATCH"'

(And here, I don't think you can use single quotes. Fixed below.)

For added readability, you might do something like this:

    # I thought win95 and Mac filenames were allowed to contain spaces.
    # Perhaps you want to replace this with CHAR=[^"]
    CHAR=[-_0-9A-Za-z]
    FOUR="$CHAR$CHAR$CHAR$CHAR"
    SIXT="$FOUR$FOUR$FOUR$FOUR"

    # h: pipe only the header, f: treat the pipe as a filter, w: wait for it
    :0hfw
    * $ ^Content-Disposition:[        ]*attachment;[  ]*filename="\
            \/$SIXT$SIXT$SIXT$FOUR$FOUR$FOUR$CHAR$CHAR$CHAR
    | formail -I "Content-Disposition: attachment; filename=\"$MATCH\""

There are 64 instances of $CHAR present.  The [<space>] each

(Mine grabs only 63. Change to $SIXT$SIXT$SIXT$SIXT if you want 64,
obviously.)

contain a space and a tab.  The \/ denotes the beginning of matching

This still applies. The ordering of the tab and space is unimportant.

This would be a whole lot easier if procmail implemented bounded
repetitions:
...filename="\/($CHAR){0,64}

Granted ;-)

/* era */

-- 
 Paparazzi of the Net: No matter what you do to protect your privacy,
  they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>
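
The truncation rule from the recipe above, as an added Python example that is not code from this thread: a filename that starts with 63 characters from [-_0-9A-Za-z] is cut down to those 63. It goes beyond the recipe in that it walks every MIME part, since the `h` flag hands formail only the main header; the function name `cap_filenames` and the sample message are constructed for illustration.

```python
import email
import re

LIMIT = 63  # same length the $SIXT/$FOUR/$CHAR pattern grabs
LONG_NAME = re.compile(r"[-_0-9A-Za-z]{%d}" % LIMIT)


def cap_filenames(raw):
    """Return (rewritten message text, list of truncated filenames)."""
    msg = email.message_from_string(raw)
    cut = []
    for part in msg.walk():
        name = part.get_param("filename", header="Content-Disposition")
        if not isinstance(name, str):
            continue  # no filename parameter, or an RFC 2231 encoded one
        m = LONG_NAME.match(name)
        if m and m.group(0) != name:
            # Keep only the matched prefix, as $MATCH does in the recipe.
            part.set_param("filename", m.group(0),
                           header="Content-Disposition")
            cut.append(m.group(0))
    return msg.as_string(), cut


# Constructed sample: one ordinary attachment, one with a 204-char filename.
SAMPLE = (
    "From: sender@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    'Content-Disposition: attachment; filename="notes.txt"\n'
    "\n"
    "hello\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="' + "A" * 200 + '.txt"\n'
    "\n"
    "data\n"
    "--b1--\n"
)

if __name__ == "__main__":
    rewritten, truncated = cap_filenames(SAMPLE)
    print("truncated:", truncated)
```

As with the recipe, the extension is lost when a name is truncated, and names containing characters outside the class (such as spaces) are not touched.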