From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/38584 Path: main.gmane.org!not-for-mail From: Karl Kleinpaste Newsgroups: gmane.emacs.gnus.general Subject: Patch needed: Defense against embedded ^M in Message-Id -- ow! Date: Tue, 04 Sep 2001 08:00:10 -0400 Message-ID: NNTP-Posting-Host: coloc-standby.netfonds.no Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Trace: main.gmane.org 1035174425 23321 80.91.224.250 (21 Oct 2002 04:27:05 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Mon, 21 Oct 2002 04:27:05 +0000 (UTC) Keywords: header,carriage return,overview Return-Path: Return-Path: Original-Received: (qmail 17709 invoked from network); 4 Sep 2001 12:00:11 -0000 Original-Received: from mesquite.slip.cs.cmu.edu (HELO cinnamon.vanillaknot.com) (128.2.207.11) by gnus.org with SMTP; 4 Sep 2001 12:00:11 -0000 Original-Received: (from karl@localhost) by cinnamon.vanillaknot.com (8.11.2/8.11.2) id f84C0AT18861; Tue, 4 Sep 2001 08:00:10 -0400 Original-To: ding@gnus.org X-Face: ?=p^Gj2JkX~UU_@W}[q/'Dxn19x-zfIQ](y<&ky/?1-&Nz&,!W}R.Gp+"LeGojoR =RF>?!XVs{a:`Yt(gqM<#$Zy(C@]'dR4Hy4S1.I(n3:2"R:=Uy!)K9>U!gNTyH{p +_w#F[gt).$Vyvo5=9LF^PeQ(@H#}QLAbfyYxX/8t:TDR5nA\|RmJO"EwjL8tWyvM User-Agent: Gnus/5.090004 (Oort Gnus v0.04) XEmacs/21.4 (Artificial Intelligence) Original-Lines: 25 Xref: main.gmane.org gmane.emacs.gnus.general:38584 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:38584 --=-=-= I got another screwup in my spam-catcher "tomb" group this morning. Same symptom as before, article expiry choking on an invalid numeric comparison to `>'. I took a closer look, and what I found is fairly horrifying. There are spammers out there whose messages contain a literal carriage return character in the Message-Id header. Take a peek below (and maybe hit `i' twice on its MIME component to get it rendered as text/plain). And that's ignoring entirely the fact that the Message-Id header looks more like a Received header in the first place. --=-=-= Content-Type: message/rfc822 Content-Disposition: inline; filename=8775 Content-Description: header screwup with embedded carriage return X-From-Line: enrda352@hotmail.com Tue Sep 4 07:17:07 2001 Return-Path: Received: from exchange1.rediscom.pt ([194.65.156.50]) by cinnamon.vanillaknot.com (8.11.2/8.11.2) with ESMTP id f84BGq717958 for ; Tue, 4 Sep 2001 07:16:59 -0400 Received: from myrop (208-187-17-200-losangeles.cwia.com [208.187.17.200]) by exchange1.rediscom.pt with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id QS469TZ5; Sat, 25 Aug 2001 20:30:21 +0100 X-Gnus-Mail-Source: file:/var/spool/mail/karl Message-ID: <00004f9a34c1$00001d6e$00006e46@myrop (ew6.southwind.net [216.53.98.70]) by onyx.southwind.net from homepage.com (114.230.197.216) by newmail.spectraweb.ch from default (m202.2-25.warwick.net [218.242.202.80]) byhost.warwick.net (8.10.0.Beta10/8.10.0.Beta10) with SMTP id e9GKEKk19201 > To: From: enrda352@hotmail.com Subject: Targeted E-Mail Marketing Lists............. *f Date: Sat, 25 Aug 2001 18:19:25 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal Errors-To: ertgmsd@concentric.net X-Mailer: Mozilla 4.72 [en] (Win98; U) Keywords: font,color,face,arial,size,align, ,height,narrow,#000000,div,width,left,span,name,#008000,right,center,input,style,sans-s,helvetica,erif,bgcolor,background-color Lines: 2 Xref: cinnamon.vanillaknot.com tomb:8775 --=-=-= This induces an overview file which contains 2 lines, because somewhere along the way Gnus converts the carriage return to a newline. The 2nd line makes for the malformed overview entry, because it begins with that `>'. I would guess that what's needed for this is a patch to turn carriage returns into bland space characters, the way that I expect all headers have tabs converted to spaces to prevent screwing up the tab-separated overview files. Does anyone know precisely where this occurs? A quick peek at nnheader.el wasn't terribly informative. --=-=-=--