Mailing List Archive: svn commit: r433053 - in /spamassassin/branches/3.1: lib/Mail/SpamAssassin/Util.pm t/uri.t

Author: felicity
Date: Sun Aug 20 14:26:08 2006
New Revision: 433053

URL: http://svn.apache.org/viewvc?rev=433053&view=rev
Log:
bug 5013: deal octal obfuscation of IP addrs in URLs

Modified:
spamassassin/branches/3.1/lib/Mail/SpamAssassin/Util.pm
spamassassin/branches/3.1/t/uri.t

Modified: spamassassin/branches/3.1/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/lib/Mail/SpamAssassin/Util.pm?rev=433053&r1=433052&r2=433053&view=diff
==============================================================================
--- spamassassin/branches/3.1/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/branches/3.1/lib/Mail/SpamAssassin/Util.pm Sun Aug 20 14:26:08 2006
@@ -1127,11 +1127,22 @@

########################

- # deal with 'http://213.172.0x1f.13/', decode encoded octets
- if ($host =~ /^([0-9a-fx]*\.)([0-9a-fx]*\.)([0-9a-fx]*\.)([0-9a-fx]*)$/ix) {
- my (@chunk) = ($1,$2,$3,$4);
- for my $octet (0 .. 3) {
- $chunk[$octet] =~ s/^0x([0-9a-f][0-9a-f])/sprintf "%d",hex($1)/gei;
+ # deal with hosts which are IPs
+ # also handle things like:
+ # http://89.0x00000000000000000000068.0000000000000000000000160.0x00000000000011
+ # both hex (0x) and oct (0+) encoded octets, etc.
+
+ if ($host =~ /^
+ ((?:0x[0-9a-f]{2,}|\d+)\.)
+ ((?:0x[0-9a-f]{2,}|\d+)\.)
+ ((?:0x[0-9a-f]{2,}|\d+)\.)
+ (0x[0-9a-f]{2,}|\d+)
+ $/ix) {
+ my @chunk = ($1,$2,$3,$4);
+ foreach my $octet (@chunk) {
+ $octet =~ s/^0x0*([0-9a-f][0-9a-f])/sprintf "%d",hex($1)/gei;
+ $octet =~ s/^0+([1-3][0-7]{0,2}|[4-7][0-7]?)\b/sprintf "%d",oct($1)/ge;
+ $octet =~ s/^0+//;
}
push(@nuris, join ('', $proto, @chunk, $rest));
}

Modified: spamassassin/branches/3.1/t/uri.t
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/t/uri.t?rev=433053&r1=433052&r2=433053&view=diff
==============================================================================
--- spamassassin/branches/3.1/t/uri.t (original)
+++ spamassassin/branches/3.1/t/uri.t Sun Aug 20 14:26:08 2006
@@ -23,7 +23,7 @@
use Mail::SpamAssassin::HTML;
use Mail::SpamAssassin::Util;

-plan tests => 84;
+plan tests => 88;

##############################################

@@ -206,6 +206,35 @@
'http://65.26.26.95:/https-www.paypal.com/webscrr/index.php',
'http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://1092229727:/https-www.paypal.com/webscrr/index.php',
]));
+
+ok(try_canon([
+ 'http://89.0x00000000000000000000068.0000000000000000000000160.0x00000000000011'
+ ], [
+ 'http://89.0x00000000000000000000068.0000000000000000000000160.0x00000000000011',
+ 'http://89.104.112.17',
+ ]));
+
+ok(try_canon([
+ 'http://0x000000059.104.00000000000160.0x00011'
+ ], [
+ 'http://0x000000059.104.00000000000160.0x00011',
+ 'http://89.104.112.17',
+ ]));
+
+ok(try_canon([
+ 'http://089.104.0160.0x11',
+ ], [
+ 'http://089.104.0160.0x11',
+ 'http://89.104.112.17',
+ ]));
+
+ok(try_canon([
+ 'http://0x7f000001',
+ ], [
+ 'http://0x7f000001',
+ 'http://127.0.0.1',
+ ]));
+

##############################################