author | Eric Wong <e@80x24.org> | 2014-04-09 00:06:53 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2014-04-09 01:29:42 +0000 |
commit | 84030f441bc072d64745d6df49e56e603194fe95 (patch) | |
tree | d56227b6a4b526f0ef4b04a285705c54fff4ecad | |
parent | 789f3d2e35034632da49d988e2e90f2e4c95604c (diff) | |
download | public-inbox-84030f441bc072d64745d6df49e56e603194fe95.tar.gz |
We should reject values which are too short to be useful or sane.
-rw-r--r-- | lib/PublicInbox.pm | 19 | ||||
-rw-r--r-- | t/precheck.t | 9 |
2 files changed, 22 insertions, 6 deletions
diff --git a/lib/PublicInbox.pm b/lib/PublicInbox.pm
index b05fd8c5..cfa9d4bf 100644
--- a/lib/PublicInbox.pm
+++ b/lib/PublicInbox.pm
@@ -4,6 +4,7 @@ package PublicInbox;
 use strict;
 use warnings;
 use Email::Address;
+use Date::Parse qw(strptime);
 use constant MAX_SIZE => 1024 * 500; # same as spamc default
 # drop plus addressing for matching
@@ -17,13 +18,25 @@ sub __drop_plus {
 sub precheck {
 my ($klass, $filter, $recipient) = @_;
 my $simple = $filter->simple;
- return 0 unless $simple->header("Message-ID");
- return 0 unless defined($filter->from);
- return 0 unless $simple->header("Subject");
+ my $mid = $simple->header("Message-ID");
+ return 0 unless usable_str(length('<m@h>'), $mid) && $mid =~ /\@/;
+ return 0 unless usable_str(length('u@h'), $filter->from);
+ return 0 unless usable_str(length(':o'), $simple->header("Subject"));
+ return 0 unless usable_date($simple->header("Date"));
 return 0 if length($simple->as_string) > MAX_SIZE;
 recipient_specified($filter, $recipient);
 }
+sub usable_str {
+ my ($len, $str) = @_;
+ defined($str) && length($str) >= $len;
+}
+
+sub usable_date {
+ my @t = eval { strptime(@_) };
+ scalar @t;
+}
+
 sub recipient_specified {
 my ($filter, $recipient) = @_;
 defined($recipient) or return 1; # for mass imports
diff --git a/t/precheck.t b/t/precheck.t
index 1bfa4c9f..acfd5e8b 100644
--- a/t/precheck.t
+++ b/t/precheck.t
@@ -36,7 +36,8 @@ sub do_checks {
 Cc => 'c@example.com',
 'Content-Type' => 'text/plain',
 Subject => 'this is a subject',
- 'Message-ID' => '<MID>',
+ 'Message-ID' => '<MID@host>',
+ Date => 'Wed, 09 Apr 2014 01:28:34 +0000',
 ],
 body => "hello world\n",
 ));
@@ -50,7 +51,8 @@ sub do_checks {
 Cc => 'John Doe <c@example.com>',
 'Content-Type' => 'text/plain',
 Subject => 'this is a subject',
- 'Message-ID' => '<MID>',
+ 'Message-ID' => '<MID@host>',
+ Date => 'Wed, 09 Apr 2014 01:28:34 +0000',
 ],
 body => "hello world\n",
 ));
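Review bot: `usable_date` forwards `@_` unchanged into `strptime`, and `precheck` calls it as `usable_date($simple->header("Date"))`, which evaluates `header` in list context. If `header` returns every value of a repeated header in list context (Email::Simple does), a message carrying two Date headers hands the second, sender-controlled value to strptime as its zone argument, and a message with no Date header calls strptime with no argument at all. Taking exactly one value keeps the check tied to a single header: `my ($date) = @_; return 0 unless defined $date;` followed by `my @t = eval { strptime($date) };`. Separately, the Message-ID test accepts any string of at least five characters that contains `@`, so a comment on that line saying it is a length floor and not a syntax check would help; the body of `recipient_specified` continues outside this hunk.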
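Review bot: The fixtures in t/precheck.t (the hunk at -36,7 and the ones at -50,7 and -64,7) are only raised to the new minimum, so within the visible lines nothing asserts that precheck now rejects a message. One negative case per new rule would pin the behaviour: a fixture that keeps `'Message-ID' => '<MID>'`, one with no `Date` entry, and one with an unparseable value such as `Date => 'not a date'` (constructed sample), each expected to make precheck return false. do_checks starts and ends outside these hunks, so such cases may already exist elsewhere in the file.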
@@ -64,7 +66,8 @@ sub do_checks {
 Cc => 'c@example.com',
 'Content-Type' => 'text/plain',
 Subject => 'this is a subject',
- 'Message-ID' => '<MID>',
+ 'Message-ID' => '<MID@host>',
+ Date => 'Wed, 09 Apr 2014 01:28:34 +0000',
 ],
 body => "hello world\n",
 ); |