On Sat, 8 Aug 1998, John D. Hardin wrote:
In the filter that attempts to sanitize <BODY ONLOAD="exploit"> tags,
the following Perl regular expression occurs:
s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;
Dick St. Peters <stpeters(_at_)NetHeaven(_dot_)com> reports that on SunOS
4.1.3 +
Perl 5.004 this RE never exits, leading to massive system loads when mail
containing HTML is being processed.
Fixed.
Thirty whacks with the stupid stick for not running against a complete set
of test data. D'oh!
--
John Hardin KA7OHZ
jhardin(_at_)wolfenet(_dot_)com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change
to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
76 days until Daylight Savings Time ends