[Mimedefang] filename matching in filter_bad_filename
Graham Dunn
gdunn at inscriber.com
Tue Jun 15 09:13:37 EDT 2004
On Mon, Jun 14, 2004 at 03:37:13PM -0400, David F. Skoll wrote:
> On Mon, 14 Jun 2004, Graham Dunn wrote:
>
> > OK, even with this in there, I'm still hitting the code that checks for
> > bad zips.
>
> [...]
>
> > return 1 if (re_match($entity, $re));
> > return 0 if (re_match($entity, $secret));
>
> Ponder the order of those two statements...
OK ...
pondering "return 1 if (re_match($entity, $re));"
at this point, $re = '\.' . $bad_exts . '\.*$'; and there's no match,
because Content-Disposition.filename, Content-Type.name or
Content-Description is .zip, which is not in $re.
on to "return 0 if (re_match($entity, $secret));"
at this point, compare Content-Disposition.filename, Content-Type.name
or Content-Description against $secret (which is '^itc.*\.zip$'). As the
filename is itc-blah.zip, I'm seeing a match on "if ((re_match($entity,
'\.zip$')) {...}" and as the zip contains an exe, it's getting nabbed by
re_match_in_zip_directory().
As to the order, am I wrong in thinking that the logic is:
1) re_match($entity, $re) evaluates to 0, so don't return 1, move to the
next line,
2) re_match($entity, $secret) evaluates to 1, so return 0 to this if
statement:
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
return action_drop_with_warning("An attachment named $fname was
removed from this document as it\nconstituted a security hazard. If you
require this document, please contact\nthe sender and arrange an
alternate means of receiving it.\n");
}
so no md_graphdefang_log, and no return action_drop_with_warning should
be called?
However, this is not what reality is showing me, so I humbly request
correction :]
Thanks,
Graham
More information about the MIMEDefang
mailing list