You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by jh...@apache.org on 2017/11/18 18:39:34 UTC

svn commit: r1815688 - /spamassassin/trunk/lib/Mail/SpamAssassin/HTML.pm

Author: jhardin
Date: Sat Nov 18 18:39:34 2017
New Revision: 1815688

URL: http://svn.apache.org/viewvc?rev=1815688&view=rev
Log:
Bug 7437 - fix issues with parsing a message having an unclosed HTML <style> tag (due to spamc size limits or intentional DoS attack)

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/HTML.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/HTML.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/HTML.pm?rev=1815688&r1=1815687&r2=1815688&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/HTML.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/HTML.pm Sat Nov 18 18:39:34 2017
@@ -259,6 +259,11 @@ sub parse {
                                 : "off (default, assumed Unicode characters)");
   }
   $self->SUPER::parse($text);
+
+  # bug 7437: deal gracefully with HTML::Parser misbehavior on unclosed <style> tag
+  # (typically from not passing the entire message to spamc, but possibly a DoS attack)
+  $self->SUPER::parse("</style>") while exists $self->{inside}{style} && $self->{inside}{style} > 0;
+
   $self->SUPER::eof;
 
   return $self->{text};