http://bugzilla.spamassassin.org/show_bug.cgi?id=4570
------- Additional Comments From [EMAIL PROTECTED] 2005-09-08 15:48 -------

Created an attachment (id=3121) --> (http://bugzilla.spamassassin.org/attachment.cgi?id=3121&action=view)
New regexp that can handle large headers without segfaulting

4 million is enough for me. I think we could put this into 3.1.0 since it is 1) a simple change; and 2) closes up a potential DoS vulnerability.

The \Q \E is not strictly necessary as a security measure because $hdr is set by the caller of the function, which has either hardcoded strings such as "To" or else is from the user's configuration file for the report_safe_headers option. However, it is a good idea to use \Q \E as $hdr is used as a plain string.

Good catch. I have created a patch with the proposed regexp and I'm marking this for review for 3.1.0. Committers, please vote. I'll also check this into trunk.
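
The \Q \E point from the comment above, shown as an added Perl example; it is not part of the bug report or of the attached SpamAssassin patch. The helper `header_values`, the header names and the sample header block are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample header block (not taken from the bug report).
my $headers = join '',
    "Received: from mail.example.org\n",
    "X-SpamAFlag: decoy\n",
    "X-Spam.Flag: real\n",
    "Subject: hello\n";

# Hypothetical helper: return the value of every header line named $hdr.
# $quote selects whether the name is interpolated inside \Q...\E.
sub header_values {
    my ($text, $hdr, $quote) = @_;
    my $re = $quote
        ? qr/^\Q${hdr}\E:[ \t]*(.*)$/i    # name treated as a plain string
        : qr/^${hdr}:[ \t]*(.*)$/i;       # name treated as regex syntax
    my @found;
    for my $line (split /\n/, $text) {
        push @found, $1 if $line =~ $re;
    }
    return @found;
}

# A header name containing '.' : unquoted, the dot matches any character,
# so the lookup also picks up the differently named X-SpamAFlag header.
print "unquoted: ", join(', ', header_values($headers, 'X-Spam.Flag', 0)), "\n";
print "quoted:   ", join(', ', header_values($headers, 'X-Spam.Flag', 1)), "\n";

# A configured name containing '(' : unquoted, the pattern no longer
# compiles and the lookup dies; quoted, it is simply a name with no match.
for my $quote (0, 1) {
    my $ok = eval { header_values($headers, 'X-Odd(Name', $quote); 1 };
    printf "quote=%d name with '(': %s\n", $quote,
        $ok ? 'pattern compiled' : 'regex compile error';
}
```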
