[Phpgroupware-developers] possible vuln in email regex, advise fix

phpgroupware-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-developers] possible vuln in email regex, advise fix

From:	Chris Weiss
Subject:	[Phpgroupware-developers] possible vuln in email regex, advise fix
Date:	Thu, 15 Dec 2005 13:25:07 -0600

https://savannah.gnu.org/bugs/index.php?func=detailitem&item_id=15225

the short of it:
- email app uses "/" as the regex delimiter in the email attachemtn forwarding
- "/" is valid in a mime "boundary"
- a boundary with a / in it causes preg to think the regex is over

I don't know regex well enough to know how this could be exploited,
but it certainly prevents emails from being forwarded.  We could
change the delimiter to something not valid per the RFC, but then a
specialy crafted boundary could still cause phpgw problems.

what do you think?

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-developers] possible vuln in email regex, advise fix, Chris Weiss <=

Prev by Date: [Phpgroupware-developers] Re: [bug #15210] can´t add a birthday-date older t hat 1970
Next by Date: [Phpgroupware-developers] Planned 0.9.16.010 Release
Previous by thread: [Phpgroupware-developers] Re: [bug #15210] can´t add a birthday-date older t hat 1970
Next by thread: [Phpgroupware-developers] Planned 0.9.16.010 Release
Index(es):
- Date
- Thread