Skip Menu |

This queue is for tickets about the Mail-Box CPAN distribution.

Report information
The Basics
Id: 31017
Status: resolved
Priority: 0/
Queue: Mail-Box

People
Owner: Nobody in particular
Requestors: jhe [...] proofpoint.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: infinite loop caused by malformed header
Date: Tue, 27 Nov 2007 14:42:40 -0800
To: bug-Mail-Box [...] rt.cpan.org
From: Jason He <jhe [...] proofpoint.com>
Hi, We noticed that Mail::Message::Field::Structured::parse() function can get into an infinite loop when parsing a malformed email header (missing end quote) like the one below: Content-Disposition: attachment; filename="Movie_0074.mpeg.pif The loop is in the second while() loop of parse(). Because of the missing end quote, both consumePhrase() and consumeComment(), which are implemented in Mail::Message::Field::Full, consume nothing. Thank you for looking into this issue. -Jason
Subject: Re: [rt.cpan.org #31017] infinite loop caused by malformed header
Date: Wed, 28 Nov 2007 09:39:31 +0100
To: "jhe [...] proofpoint.com via RT" <bug-Mail-Box [...] rt.cpan.org>
From: Mark Overmeer <mark [...] overmeer.net>
* jhe@proofpoint.com via RT (bug-Mail-Box@rt.cpan.org) [071127 22:43]: Show quoted text
> Tue Nov 27 17:43:10 2007: Request 31017 was acted upon. > Transaction: Ticket created by jhe@proofpoint.com > Queue: Mail-Box > Subject: infinite loop caused by malformed header > > We noticed that Mail::Message::Field::Structured::parse() function can > get into an infinite loop when parsing a malformed email header (missing > end quote) like the one below: > > Content-Disposition: attachment; > filename="Movie_0074.mpeg.pif
You spotted it correctly. I have changed the parsing from if($string =~ s/^\s*\"((?:[^"\\]*|\\.)*)\"// ) into if($string =~ s/^\s*\" ((?:[^"\r\n\\]*|\\.)*) (?:\"|\s*$)//x ) and added some tests. -- Thanks for the report, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
Solved in 2.079