Great Circle Associates Majordomo-Users
(May 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Can some hostile addresses be parsed?
From: "John P. Rouillard" <rouilj @ terminus . cs . umb . edu>
Date: Tue, 17 May 1994 17:27:51 -0400
To: bill @ biome . bio . dfo . ca (Bill Silvert)
Cc: majordomo-users @ greatcircle . com
In-reply-to: Your message of "Tue, 17 May 1994 17:02:46 -0300." <9405172002.AA04778@biome.bio.ns.ca> 

In message <9405172002.AA04778@biome.bio.ns.ca>, Bill Silvert writes:
> I didn't follow most of the discussion of hostile addresses, but
> suddenly (either because of a popular new list or because of the upgrade
> to 1.90) I'm having problems with Banyan Vines addresses.  I get stuff
> like:  
> /R=IML3/R=AM/U=user_name/FFN=USER_NAME/@mr.dfo.ca
>

Yup that looks like an internet->X.400 translation, transliteration,
munging, trashing.

> which is equivalent to user_name%AM%IML3@mr.dfo.ca, and apparently the
> translation conforms to standards.  Any chance that these names could be
> parsed by majordomo (this is clearly something that perl can do) into a
> non-hostile form?

The problem is that there is no great way to handle it. I know of one
vendor sendmail that will happily try to write to a file of that
name. Sendmail 8.6 on the otherhand won't attempt to treat it as a
file since it has an @ in it. I think the best we can do is something
like:


	if there is a / at the front of the address,

	split the address on /

	does the first component of the address exist, if so bounce
		the address. (Anybody who has a subdirectory of / with
		an = sign in the name should lose.)

	if the first component doesn't exist, accept the address.

To do this change the code in main'valid_addr to something like:

	sub main'valid_addr {
		local($addr) = @_;
		local(@addrs,@components) = ();

	    # Parse the address out into parts
	    @addrs = &main'ParseAddrs($addr);

	    # if there's not exactly 1 part, it's no good
	    if ($#addrs != 0) {
	        return undef;
	    }

	    # if there's a "|" in it, it's hostile
	    if (m/|/) {
	        &main'abort("HOSTILE ADDRESS $addr");
	        return undef;
	    }

	    local($_) = $addrs[0];

	    if (m#^/#) {
		@components = split(/\//, $_);
		
		if ( -e "/$components[0]" ) {
		    &main'abort("HOSTILE ADDRESS $addr");	
		    return undef;
		}

  	    }

	    return $_;
	}

Quips, comments, evasions, questions, answers, testers?  This is what
I will use in 1.91 if somebody can test it and tell me that it works
properly, otherwise I'll just stay with the current valid_addr.

				-- John
John Rouillard

Special Projects Volunteer	University of Massachusetts at Boston
rouilj@cs.umb.edu (preferred)	Boston, MA, (617) 287-6480
==============================================================================
My employers don't acknowledge my existence much less my opinions.
References:
Indexed By Date Previous: Re: bug in 1.90 with mungedomain=yes
From: "John P. Rouillard" <rouilj@terminus.cs.umb.edu>
Next: Re: Can some hostile addresses be parsed?
From: Brent Chapman <brent@mycroft.GreatCircle.COM>
Indexed By Thread Previous: Can some hostile addresses be parsed?
From: bill@biome.bio.ns.ca (Bill Silvert)
Next: Re: Can some hostile addresses be parsed?
From: Brent Chapman <brent@mycroft.GreatCircle.COM>
Google
 
Search Internet Search www.greatcircle.com