You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/11/11 21:36:06 UTC

[Bug 6016] New: report_safe 1 with specifically malformed Subject: can cause mangled report message

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6016

           Summary: report_safe 1 with specifically malformed Subject: can
                    cause mangled report message
           Product: Spamassassin
           Version: 3.2.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Libraries
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: kdeugau@vianet.ca


Created an attachment (id=4386)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4386)
example message that triggers a broken report message

Any tagged-as-spam message with an encoded Subject header, that has no space
between the colon and the encoded subject, will result in a report message with
a decoded subject line when using report_safe 1 or report_safe 2.

If newlines are encoded with other characters, they will be expanded and will
cause the report message's headers to become separated.

A space between the colon and the Subject: value causes the original subject to
be copied as-is, encoded, into the wrapper message.

Attached is a message that can trigger this problem.


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6016] report_safe 1 with specifically malformed Subject: can cause mangled report message

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6016


Mark Martinec <Ma...@ijs.si> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #3 from Mark Martinec <Ma...@ijs.si>  2009-08-04 09:37:52 PST ---
  Bug 6016: fix parsing of a header field, a space is not required
  after a colon; also, accept WSP before a colon in a header field
  (obsolete rfc822 syntax) in MIME subheaders; + cosmetic, comment
Sending        lib/Mail/SpamAssassin/Message/Node.pm
Sending        lib/Mail/SpamAssassin/Message.pm
Committed revision 800867 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=800867 ).

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6016] report_safe 1 with specifically malformed Subject: can cause mangled report message

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6016


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.3.0




-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6016] report_safe 1 with specifically malformed Subject: can cause mangled report message

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6016





--- Comment #1 from Kris Deugau <kd...@vianet.ca>  2008-11-11 12:38:27 PST ---
Created an attachment (id=4387)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4387)
possible fix for the immediate observed issue

Not sure what unwanted side effects this might have...  but given SA tries to
makes sense of deliberately malformed messages in other ways, this makes sense
to me.


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6016] report_safe 1 with specifically malformed Subject: can cause mangled report message

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6016





--- Comment #2 from Kris Deugau <kd...@vianet.ca>  2008-12-04 08:35:33 PST ---
Patch has been running in production since submission and doesn't seem to have
caused any problems.


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.