From 84030f441bc072d64745d6df49e56e603194fe95 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Wed, 9 Apr 2014 00:06:53 +0000
Subject: precheck: stricter checks including min length

We should reject values which are too short to be useful or sane.
---
 lib/PublicInbox.pm | 19 ++++++++++++++++---
 t/precheck.t | 9 ++++++---
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/lib/PublicInbox.pm b/lib/PublicInbox.pm
index b05fd8c5..cfa9d4bf 100644
--- a/lib/PublicInbox.pm
+++ b/lib/PublicInbox.pm
@@ -4,6 +4,7 @@ package PublicInbox;
 use strict;
 use warnings;
 use Email::Address;
+use Date::Parse qw(strptime);
 use constant MAX_SIZE => 1024 * 500; # same as spamc default
 
 # drop plus addressing for matching
@@ -17,13 +18,25 @@ sub __drop_plus {
 sub precheck {
 my ($klass, $filter, $recipient) = @_;
 my $simple = $filter->simple;
- return 0 unless $simple->header("Message-ID");
- return 0 unless defined($filter->from);
- return 0 unless $simple->header("Subject");
+ my $mid = $simple->header("Message-ID");
+ return 0 unless usable_str(length(''), $mid) && $mid =~ /\@/;
+ return 0 unless usable_str(length('u@h'), $filter->from);
+ return 0 unless usable_str(length(':o'), $simple->header("Subject"));
+ return 0 unless usable_date($simple->header("Date"));
 return 0 if length($simple->as_string) > MAX_SIZE;
 recipient_specified($filter, $recipient);
 }
 
+sub usable_str {
+ my ($len, $str) = @_;
+ defined($str) && length($str) >= $len;
+}
+
+sub usable_date {
+ my @t = eval { strptime(@_) };
+ scalar @t;
+}
+
 sub recipient_specified {
 my ($filter, $recipient) = @_;
 defined($recipient) or return 1; # for mass imports
diff --git a/t/precheck.t b/t/precheck.t
index 1bfa4c9f..acfd5e8b 100644
--- a/t/precheck.t
+++ b/t/precheck.t
@@ -36,7 +36,8 @@ sub do_checks {
 Cc => 'c@example.com',
 'Content-Type' => 'text/plain',
 Subject => 'this is a subject',
- 'Message-ID' => '',
+ 'Message-ID' => '',
+ Date => 'Wed, 09 Apr 2014 01:28:34 +0000',
 ],
 body => "hello world\n",
 ));
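Review bot: `usable_date` in lib/PublicInbox.pm accepts more than a usable date, because it only tests that `strptime` returned a non-empty list; Date::Parse documents that elements it could not extract are left undefined, so a Date header carrying only a time or a zone would presumably still pass. The call `usable_date($simple->header("Date"))` also evaluates `header` in list context; if `$simple` is an Email::Simple object, as the `$filter->simple` accessor suggests, a message with two Date headers would hand the second value to `strptime` as its zone argument. Since these headers come from untrusted mail, I would force scalar context at the call site with `usable_date(scalar $simple->header("Date"))` and require the calendar fields in the helper: `my @t = eval { strptime($_[0]) };` followed by `defined($t[3]) && defined($t[4]) && defined($t[5]);`. An explicit `return` in `usable_str` and `usable_date` would also make the boolean contract obvious to the next reader.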
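Review bot: None of the new rejections in `precheck` is exercised by the three t/precheck.t hunks (at -36, -50 and -64), which only add a Date header to existing fixtures that presumably must keep passing. The diffstat (6 additions, 3 deletions for this file) shows no other test lines in the commit. I would add negative cases for a message with no Date header, one with an unparsable Date, a Subject shorter than two characters, and a Message-ID without `@`, each asserting that `PublicInbox->precheck` returns false. `do_checks` begins and ends outside these hunks, so any rejection tests it already contains are not visible here.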
@@ -50,7 +51,8 @@ sub do_checks {
 Cc => 'John Doe ',
 'Content-Type' => 'text/plain',
 Subject => 'this is a subject',
- 'Message-ID' => '',
+ 'Message-ID' => '',
+ Date => 'Wed, 09 Apr 2014 01:28:34 +0000',
 ],
 body => "hello world\n",
 ));
@@ -64,7 +66,8 @@ sub do_checks {
 Cc => 'c@example.com',
 'Content-Type' => 'text/plain',
 Subject => 'this is a subject',
- 'Message-ID' => '',
+ 'Message-ID' => '',
+ Date => 'Wed, 09 Apr 2014 01:28:34 +0000',
 ],
 body => "hello world\n",
 );
-- 
cgit v1.2.3-24-ge0c7