Subject: | Email::Address takes very long to parse weird strings |
The header contained in the attached file makes Email::Address->parse
take very long to complete; our amavisd-new instance kills the
subprocess after 8 minutes. Of course, the header is all weird and
probably broken, and I don't even expect correct parsing results, but
still, this is some DoS attack vector.
How to reproduce:
$ cat run.pl
use Email::Address;
undef $/;
my $a = <>;
$a =~ s/^To: //;
print Email::Address->parse($a);
$ perl run.pl < to.txt
We also have a much shorter (some 100 bytes) header that makes the run
time explode that I'll attach as soon I can find it...
Subject: | to.txt |
Message body is not shown because it is too large.