On Thu, 2 May 2002, Professional Software Engineering wrote:
Because attachment filenames may be represented in muliple forms:
name = "somefilename.ext";
name=somefilename.ext;
name=somefilename.ext
name="somefilename.ext";
name="somefilename.ext"
name = "somefilename.ext"
(not to mention filename= vs name=, etc).
and consciously malicious use of newlines. This is valid:
Content-type:
fnord/fnord
;
name
=
"attack.exe"
;
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin(_at_)impsec(_dot_)org pgpk -a
jhardin(_at_)wolfenet(_dot_)com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
915 days until the Presidential Election
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail