4.1. Syntax
from the BATV draft
This scheme is identified as:
tag-type = "prvs"
; simple private signature
tag-val = K DDD SSSSSS
K = 1DIGIT
; key number, to allow key rotation
DDD = 3DIGIT
; day number, low three digits of
; the number of days since 1970
; when the address will expire
SSSSSS = 6HEXDIG
; hex of the first three bytes of the
; SHA-1 HMAC of <hash-source> and a key
hash-source = K DDD <orig-mailfrom>
orig-mailfrom = {original RFC2821.MailFrom address}
If a tag can NOT identified using this syntax, it is not (will never!)
processed as a BATV tag.
If you want to whitelist malformed BATV tags , write your own whiteRe
Thomas
Von: "John Calvi" <[email protected]>
An: <[email protected]>
Datum: 22.05.2014 05:24
Betreff: [Assp-user] FW: V14141
Thomas, I have also sent you a version 14141 to your email with the bugs I
mentioned before fixed as well as the changes below...
BATV issues...
There are lots of regexes in the code using prvs=\d\d\d\d\w{6}=
I get lots or email where there are NOT 4 digits at the start NOR a six
character word after, eg...
<[email protected]>
<[email protected]>
This results in them not being treated as whitelisted.
There are also 2??? Subs named batv_remove_tag in the code, 1 tight
(prvs=\d\d\d\d\w{6}=) , and one very loose later (prvs=.*=).
sub batv_remove_tag {
my ($fh,$mailfrom,$store) = @_;
if ($mailfrom =~ /^(prvs=\d\d\d\d\w{6}=)([^\r\n]*)/o) {
$Con{$fh}->{$store} = $mailfrom if ($fh && $store);
$mailfrom = lc $2;
}
return $mailfrom;
}
sub batv_remove_tag {
my $mailfrom = shift;
if ($mailfrom =~ /^( prvs=.*=)(.*)/o) { #Batv Mod - JC (prvs=\w=) or
prvs=.*=
$mailfrom = lc $2;
}
return $mailfrom;
}
They should all be looser but not too loose, say prvs=\w=
John Calvi.
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform
available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
