http://bugzilla.spamassassin.org/show_bug.cgi?id=4191
Summary: uri_to_domain() is broken for urls with empty port.
Product: Spamassassin
Version: 3.0.2
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: spamassassin
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
uri_to_domain() does not properly handle urls in the form:
http://blah.blah.com:/
In particular, the ":" at the end is not handled properly. Spammers are
apparentlyi aware of this and are taking advantage of this problem to circumvent
URIBL checks. I get about 30 messages a day with URL's that look like this:
http://crazyrxl0wprices.net:/
The fix is trival. Apply the following patch to lib/SpamAssassin/Util.pm:
--- Util.pm.orig Mon Mar 14 10:38:59 2005
+++ Util.pm Mon Mar 14 10:39:12 2005
@@ -788,7 +788,7 @@
$uri =~ s#^[a-z]+:/{0,2}##gsi; # drop the protocol
$uri =~ s,^[^/]*\@,,gs; # username/passwd
$uri =~ s,[/\?\&].*$,,gs; # path/cgi params
- $uri =~ s,:\d+$,,gs; # port
+ $uri =~ s,:\d*$,,gs; # port
return if $uri =~ /\%/; # skip undecoded URIs.
# we'll see the decoded version as well
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
