On 12/6/2017 7:52 AM, Jan-Pieter Cornet wrote:
> None of the mailsploit exploits target \n chars. I wouldn't worry
> about those. My implementation only matches \0 chars. You don't need
> [] around the char. Or you could write /\000/ as a full octal charcode.

From my research this morning, the exploit in general is the inclusion
of control codes by using encoding of base64 and UTF-8 to bypass RFC
sanity checks. The specific examples he used show improper MUA parsing
of the \0 but it's unknown what some MUAs will do with control codes in
these fields.

So the [] was written because I expect other control codes to be brought
up to also block. And originally I was trying to block \n but of course
a header has to have just one \n.

> One of the mailsploit tests that I currently don't deal with encodes an
> email address in the username part of the sender. I should block those
> too...

Yeah, I haven't looked at the exploits he's published before. Any
technical details on that one?
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
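
An added example, not code from this thread or from MIMEDefang: a Python standard-library check that decodes the RFC 2047 encoded-words in a From: value and flags control characters or an e-mail address hidden inside them, the two cases discussed above. The finding names, the control-character set (wider than the `\0` match mentioned in the thread) and the sample headers are assumptions made for illustration.

```python
import base64
import re
from email.errors import HeaderParseError
from email.header import decode_header

# Assumption: flag every C0 control character except tab, plus DEL.
# The filter discussed in the thread matches only \0.
CONTROL_RE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
ADDR_RE = re.compile(r"[^\s<>@]+@[^\s<>@]+")

def check_header(raw):
    """Return sorted findings for text hidden in RFC 2047 encoded-words."""
    try:
        chunks = decode_header(raw)
    except HeaderParseError:
        return ["undecodable"]
    findings = set()
    for chunk, charset in chunks:
        if charset is None:
            continue  # literal text, already visible to plain-text checks
        try:
            text = chunk.decode(charset, errors="replace")
        except LookupError:
            findings.add("unknown-charset")
            continue
        if CONTROL_RE.search(text):
            findings.add("control-char")
        if ADDR_RE.search(text):
            findings.add("encoded-address")
    return sorted(findings)

def encoded_word(text):
    """Build a base64 encoded-word for the constructed samples below."""
    b64 = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return "=?utf-8?b?" + b64 + "?="

# Constructed sample From: values (not taken from the thread).
SAMPLES = {
    "plain": "Alice Example <alice@example.com>",
    "encoded-name": encoded_word("Zo\u00eb Example") + " <zoe@example.com>",
    "nul": encoded_word("Alice\x00") + " <alice@example.com>",
    "address": encoded_word("ceo@example.com") + " <bulk@example.net>",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, check_header(value) or "clean")
```

A legitimately encoded display name passes, so the check can run on every message without rejecting ordinary non-ASCII senders.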