diff options
author | Eric Wong <e@80x24.org> | 2016-05-25 01:44:46 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-05-25 01:49:54 +0000 |
commit | 23a4e44bedabe5b8b651346cabc2a870c5377a30 (patch) | |
tree | e92220e935276cd1a2f466fa4bc6bf1e29fdb8e0 /lib/PublicInbox/MDA.pm | |
parent | 64aea34d06f71828b0bdd6ae177b9bcf22d752b4 (diff) | |
download | public-inbox-23a4e44bedabe5b8b651346cabc2a870c5377a30.tar.gz |
git has stricter requirements for ident names (no '<>') which Email::Address allows. Even in 1.908, Email::Address also has an incomplete fix for CVE-2015-7686 with a DoS-able regexp for comments. Since we don't care for or need all the RFC compliance of Email::Address, avoiding it entirely may be preferable. Email::Address will still be installed as a requirement for Email::MIME, but it is only used by the Email::MIME::header_str_set which we do not use
Diffstat (limited to 'lib/PublicInbox/MDA.pm')
-rw-r--r-- | lib/PublicInbox/MDA.pm | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/PublicInbox/MDA.pm b/lib/PublicInbox/MDA.pm index e1207b56..2e6e9ec5 100644 --- a/lib/PublicInbox/MDA.pm +++ b/lib/PublicInbox/MDA.pm @@ -6,7 +6,6 @@ package PublicInbox::MDA; use strict; use warnings; use Email::Simple; -use Email::Address; use Date::Parse qw(strptime); use constant MAX_SIZE => 1024 * 500; # same as spamc default, should be tunable use constant MAX_MID_SIZE => 244; # max term size - 1 in Xapian @@ -62,13 +61,13 @@ sub alias_specified { my @address = ref($address) eq 'ARRAY' ? @$address : ($address); my %ok = map { - my @recip = Email::Address->parse($_); - lc(__drop_plus($recip[0]->address)) => 1; + lc(__drop_plus($_)) => 1; } @address; foreach my $line ($filter->cc, $filter->to) { - foreach my $addr (Email::Address->parse($line)) { - if ($ok{lc(__drop_plus($addr->address))}) { + my @addrs = ($line =~ /([^<\s]+\@[^>\s]+)/g); + foreach my $addr (@addrs) { + if ($ok{lc(__drop_plus($addr))}) { return 1; } } |