On Sat, 1 Aug 1998, Liviu Daia wrote:
On 1 August 1998, John D. Hardin <jhardin(_at_)wolfenet(_dot_)com> wrote:
On Fri, 31 Jul 1998, John D. Hardin wrote:
Content-Type: ... name="AAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA
...
AAAAAAAAAAAAAAAAAAAA
AAexploit-code-starts-here"
would be syntactically valid but would bypass my filters. I have
modified html-trap.procmail to append a close quote on the first
line, but it does NOT clean up the remaining lines.
Okay, html-trap.procmail will now clean up the extra lines in the
above example.
I couldn't find any explicit list of acceptable MIME headers in
reading through RFC2045, just mention that headers beginning with
"Content-" have meaning to MIME. Therefore I decided to prepend
"X-Comment:" to the continuation lines to clean them up. If anyone
knows that this won't work, drop me a line right away.
[...]
For quoted strings you have to close the quotes first, otherwise
some mailers might still shot themselves in the foot looking for the
matching end quotes.
I do. That was the *easy* part.
For the same reason, you should also take care of
terminating quoted-printable stuff (although this one will probably be a
PITA).
Ick. I'm not intimately familiar with how quoted-unreadable works, so
making it cleanly handle that will be a while yet.
--
John Hardin KA7OHZ
jhardin(_at_)wolfenet(_dot_)com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change
to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
85 days until Daylight Savings Time ends