Bugtraq mailing list archives
Correction to sendmail attachment filter
From: Bennett Samowich <brs () BEN-TECH COM>
Date: Fri, 22 Sep 2000 00:15:18 -0400
Greetings, I have attached yet another copy of the sendmail filter with the corrections as recommended by Brett and Jason (thanks). During my tests it did block messages that used mixed case MIME tags for filenames. (e.g. Name="...", NAME="...", etc) These filters are not my forte', but I had been toying with them when this one came about. Thanks to those who caught the shortcomings. - Bennett Here is what was found: 1) An attacker could create a special message that contained mixed case MIME tags when specifying the attached file names. Example: Content-Type: TEXT/PLAIN; charset=US-ASCII; NaMe="filename.dll" Solution: added the following code to mlfi_body(): /* convert to lowercase */ q = p; while (*q) { *q = tolower(*q); q++; } 2) There was a flaw in the logic of bad_extension() that caused valid files to be incorrectly blocked. Example: .xls files were rejected as if they were .vbs file because they had a common character (the 's'). Solution: Changed if ( x != y ) n++; } if (n == len) return (0); To if ( x == y ) n++; } if (n != len) return (0);
Attachment:
noattach.c
Description:
Current thread:
- Correction to sendmail attachment filter Bennett Samowich (Sep 22)