procmail

Re: More quoting issues affecting MIME header exploits

1998-08-02 09:43:36
On Sat, 1 Aug 1998, David W. Tamkin wrote:

John Hardin wrote,

| Content-Type: ... name="AAAAAAAAAAAA
|      AAAAAAAAAAAAAAAAAAAA
|      AAAAAAAAAAAAAAAAAAAA
|      ... 
|      AAAAAAAAAAAAAAAAAAAA
|      AAexploit-code-starts-here" 
|
| would be syntactically valid but would bypass my filters.

If you're doing it within procmail, procmail considers continuation lines
in headers as if the embedded newline were a space, and it will match .
in a regexp condition.

...yes, but: in a MIME attachment header, which appears in the RFC-822
message *body*?

In my testing that appears to not be the case, as the above example fired
the "mismatched quotes" rule but not the "long filename" rule just prior.

I'm running procmail-3.10-10 - perhaps a newer release does indeed unwrap
MIME attachment headers within the RFC822 body. If not, then that should
perhaps be added to the procmail wishlist.

In any case, I now clean up the wrapped lines as well.

--
 John Hardin KA7OHZ                               
jhardin(_at_)wolfenet(_dot_)com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
-----------------------------------------------------------------------
  Your mouse has moved. Windows NT must be restarted for the change
  to take effect. Reboot now?  [ OK ]
-----------------------------------------------------------------------
   84 days until Daylight Savings Time ends
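The evasion discussed above, as an added example that is not part of the original post or of procmail: a folded MIME `Content-Type` header is checked once line by line (as a filter that does not unfold headers in the message body sees it) and once after RFC 822 unfolding. The sample header, the 64-character name limit and the two rule names are constructed assumptions, not procmail's own settings.

```python
import re

# Constructed sample modelled on the folded Content-Type header quoted in the
# thread: the quoted filename runs over several indented continuation lines, so
# no single physical line contains a complete name="..." parameter.
FOLDED_HEADER = (
    'Content-Type: application/octet-stream; name="AAAAAAAAAAAA\n'
    '     AAAAAAAAAAAAAAAAAAAA\n'
    '     AAAAAAAAAAAAAAAAAAAA\n'
    '     AAAAAAAAAAAAAAAAAAAA\n'
    '     AAfilename-ends-here"\n'
)

# RFC 822 folding: a newline followed by whitespace continues the field, and the
# whole break is equivalent to one space once unfolded.
FOLD = re.compile(r'\r?\n[ \t]+')
NAME_PARAM = re.compile(r'\bname="([^"]*)"', re.IGNORECASE)
MAX_NAME_LEN = 64  # hypothetical local limit, not a procmail setting

def unfold(header_block: str) -> str:
    """Rejoin folded header lines so each field occupies one logical line."""
    return FOLD.sub(' ', header_block)

def inspect_lines(lines):
    """Apply the thread's two rules per line: an over-long quoted name=
    parameter, and a line with an odd number of double quotes."""
    long_name = mismatched = False
    for line in lines:
        for m in NAME_PARAM.finditer(line):
            if len(m.group(1)) > MAX_NAME_LEN:
                long_name = True
        if line.count('"') % 2 == 1:
            mismatched = True
    return {'long_name': long_name, 'mismatched_quotes': mismatched}

def check_naive(header_block: str) -> dict:
    """Physical-line check, as a filter that never unfolds body headers sees it:
    only the mismatched-quotes rule fires."""
    return inspect_lines(header_block.splitlines())

def check_unfolded(header_block: str) -> dict:
    """Same rules after unfolding: the long-name rule fires and quotes balance."""
    return inspect_lines(unfold(header_block).splitlines())

if __name__ == '__main__':
    print('naive:   ', check_naive(FOLDED_HEADER))
    print('unfolded:', check_unfolded(FOLDED_HEADER))
```

The unfolding step is the "clean up the wrapped lines" fix the post describes; the line-by-line result reproduces the observation that only the mismatched-quotes rule caught the folded header.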