[Mimedefang] mailsploit prevention in MD
Kevin A. McGrail
KMcGrail at PCCC.com
Wed Dec 6 08:06:39 EST 2017
On 12/6/2017 7:52 AM, Jan-Pieter Cornet wrote:
> None of the mailsploit exploits target \n chars. I wouldn't worry
> about those. My implementation only matches \0 chars. You don't need
> [] around the char. Or you could write /\000/ as a full octal charcode.
From my research this morning, the exploit in general is the inclusion
of control codes by using encoding of base64 and utf8 to bypass RFC
sanity checks. The specific examples he used show improper MUA parsing
of the \0 but it's unknown what some MUAs will do with control codes in
these fields.
So the [] was written because I expect other control codes to be brought
up to also block. And originally I was trying to block \n but of course
a header has to have just one \n.
> One of the mailsploit tests that I currently don't deal with encodes an
> email address in the username part of the sender. I should block those
> too...
Yeah, I haven't looked at the exploits he's published before. Any
technical details on that one?
Regards,
KAM
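
Added example, not part of the original message or of MIMEDefang: one way to catch control codes hidden by base64 or quoted-printable encoding is to decode the header's RFC 2047 encoded-words first and only then look for control characters. The helper name `header_control_chars`, the character class and the sample headers are assumptions made for illustration; decoding uses Perl's core Encode module.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode);
use MIME::Base64 qw(encode_base64);

# Hypothetical helper: list the control characters present in a header
# value once its RFC 2047 encoded-words have been decoded.
sub header_control_chars {
    my ($raw) = @_;
    my $value = $raw;
    $value =~ s/\r?\n\z//;            # the single newline that ends the header
    $value =~ s/\r?\n(?=[ \t])//g;    # unfold continuation lines
    my $decoded = decode('MIME-Header', $value);
    my @found;
    # C0 controls except TAB, plus DEL; extend the class as needed.
    while ($decoded =~ /([\x00-\x08\x0A-\x1F\x7F])/g) {
        push @found, sprintf('U+%04X', ord $1);
    }
    return @found;
}

# Constructed sample From: values (not taken from any real message).
my @samples = (
    '=?utf-8?Q?J=C3=B6rg?= <jorg@example.com>',                          # clean
    "Alice Example\n <alice\@example.com>\n",                             # folded, clean
    '=?utf-8?Q?Alice=00?= <alice@example.com>',                           # NUL via Q
    '=?utf-8?B?' . encode_base64("Alice\0", '') . '?= <a@example.com>',  # NUL via base64
    '=?utf-8?Q?Alice=07Bob?= <alice@example.com>',                        # BEL via Q
);

for my $from (@samples) {
    my @bad = header_control_chars($from);
    (my $shown = $from) =~ s/\n/\\n/g;    # keep each sample on one output line
    printf "%-7s %s%s\n", (@bad ? 'REJECT' : 'ok'), $shown,
        (@bad ? "  [@bad]" : '');
}
```

A pattern applied to the raw header line never sees these bytes, because on the wire they exist only as `=00` or as base64 text.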