[Bug 7300] New: Parsing of address headers in spamassassin ($pms->get('From:name'))

bugzilla-daemon Thu, 25 Feb 2016 01:02:32 -0800

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7300


            Bug ID: 7300
           Summary: Parsing of address headers in spamassassin
                    ($pms->get('From:name'))
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Libraries
          Assignee: [email protected]
          Reporter: [email protected]

Hello,

recently i'm recieving mails which try to obfuscate the sender by sending
mails with a From: like

From: "John Doe <[email protected]>" <[email protected]>

While implementing a header check to detect such attempts i noticed
that SA seems to have problems parsing such addresses correctly.

When accessing the displayname with From:name the PerMsgStatus.pm module
only returns the string "\"John Doe".

$pms->get('From:name');

    "John Doe

The regex should be extended to cover all characters of a quoted string to the
closing quote.

On line 2056 in PerMsgStatus.pm:

http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?view=markup#l2056

It should be extended to something like:

  if ($result =~ /^ \s* ( [^"]*? | "[^"]*" ) \s* < [^<>]* >/sx) {


Markus

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7300] New: Parsing of address headers in spamassassin ($pms->get('From:name'))

Reply via email to