From 84030f441bc072d64745d6df49e56e603194fe95 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Wed, 9 Apr 2014 00:06:53 +0000
Subject: precheck: stricter checks including min length

We should reject values which are too short to be useful or sane.
---
 lib/PublicInbox.pm | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/PublicInbox.pm b/lib/PublicInbox.pm
index b05fd8c5..cfa9d4bf 100644
--- a/lib/PublicInbox.pm
+++ b/lib/PublicInbox.pm
@@ -4,6 +4,7 @@ package PublicInbox;
 use strict;
 use warnings;
 use Email::Address;
+use Date::Parse qw(strptime);
 use constant MAX_SIZE => 1024 * 500; # same as spamc default
 
 # drop plus addressing for matching
@@ -17,13 +18,25 @@ sub __drop_plus {
 sub precheck {
 	my ($klass, $filter, $recipient) = @_;
 	my $simple = $filter->simple;
-	return 0 unless $simple->header("Message-ID");
-	return 0 unless defined($filter->from);
-	return 0 unless $simple->header("Subject");
+	my $mid = $simple->header("Message-ID");
+	return 0 unless usable_str(length('<m@h>'), $mid) && $mid =~ /\@/;
+	return 0 unless usable_str(length('u@h'), $filter->from);
+	return 0 unless usable_str(length(':o'), $simple->header("Subject"));
+	return 0 unless usable_date($simple->header("Date"));
 	return 0 if length($simple->as_string) > MAX_SIZE;
 	recipient_specified($filter, $recipient);
 }
 
+sub usable_str {
+	my ($len, $str) = @_;
+	defined($str) && length($str) >= $len;
+}
+
+sub usable_date {
+	my @t = eval { strptime(@_) };
+	scalar @t;
+}
+
 sub recipient_specified {
 	my ($filter, $recipient) = @_;
 	defined($recipient) or return 1; # for mass imports
-- 
cgit v1.2.3-24-ge0c7