lexer_v3.l patch removing slowdown in the rule decoding urlencoded characters
Krzysztof Foltman
kfoltman at portal.onet.pl
Fri Dec 17 16:16:41 CET 2004
This patch removes a bug that caused extreme slowdown on particular HTML
code. An example email exploiting this bug is available on request.
I think it's not the only place with this kind of security holes in the
scanner code (ie. scanner rules that allow specially prepared emails to
make lexer slow down several thousand-fold), and think it warrants a bit
of investigation of the scanner.
Krzysztof Foltman
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: excess-lf.diff
URL: <https://www.bogofilter.org/pipermail/bogofilter-dev/attachments/20041217/4dfccfc6/attachment.ksh>
More information about the bogofilter-dev
mailing list