You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/01/19 18:58:17 UTC
[Bug 7880] New: Can't call method "name" on an undefined value at
lib/Mail/SpamAssassin/Message/Node.pm line 533 (nullref exception)
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7880
Bug ID: 7880
Summary: Can't call method "name" on an undefined value at
lib/Mail/SpamAssassin/Message/Node.pm line 533
(nullref exception)
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
Assignee: dev@spamassassin.apache.org
Reporter: jhardin@impsec.org
Target Milestone: Undefined
r1864393 introduced a nullref weakness in a Node.pm debug message that triggers
when a UTF-16 header (or, presumably, body part) is too short for
detect_utf16() to be able to detect the endianness from the encoded data (or,
presumably, when it cannot detect the endianness for some other reason).
This occurs even if the UTF-16 data includes a BOM.
3.4 does not have this nullref weakness as the debug message change was not
backported.
Repro: Put this header in a test message:
From:=?UTF-16?B?//492Enc?= DermaCorrect <@ewFXg.maclostech320.xyz;live.de;>
(note: malformed header is verbatim from actual spam)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7880] Can't call method "name" on an undefined value at
lib/Mail/SpamAssassin/Message/Node.pm line 533 (nullref exception)
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7880
John Hardin <jh...@impsec.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
CC| |jhardin@impsec.org
Status|NEW |RESOLVED
--- Comment #1 from John Hardin <jh...@impsec.org> ---
1. Modify test data to include a "short UTF-16" header case observed
in-the-wild that triggered this bug, verify test on unmodified Node.pm fails.
2. Modify Node.pm _normalize() to behave safely if detect_utf16() cannot
determine the endianness of the data.
3. Modify detect_utf16() to skip the data scan if a BOM is present (for
efficiency, as Perl's UTF-16 decoder will figure out the endianness from the
BOM)
4. Verify test from 1 now passes
5. Verify example from bug 7252 still works properly
Modified: .../trunk/lib/Mail/SpamAssassin/Message/Node.pm
Modified: .../trunk/t/data/nice/unicode2
Committed revision 1885696.
--
You are receiving this mail because:
You are the assignee for the bug.