Bugtraq mailing list archives

Re: base64

From: MightyE <trash () mightye org>
Date: Wed, 24 Sep 2003 15:13:57 -0400

I agree, I don't think it's unreasonable to reject improperly formattedmessages. Chances are much higher that they're spam or virii, and theminority with broken clients will find their way to non-broken clients.If you are parsing the message, particularly looking for malware, andencounter an improper encoding, bounce the message with a meaningfulerror, this way you don't have to worry about a targeted exploit thatdepends on the way one email client (mis)interprets a message in adifferent way from your virus scanner.

The RFC does declare an = to indicate that the end of the data streamhas been reached, further data should be truncated, though it seems eachemail client actually handles this differently. Take the low roadcatchall, and simply reject them as a matter of course.


-Eric Stevens
mightye a@t mightye d.o.t org

Christian Vogel wrote:

Hi,

On Tue, Sep 23, 2003 at 07:50:56PM +0300, Alexander Ogol wrote:

decision in all situations. Some mailing lists (debian-russian, for example)
add some 7bit information after letter body while re-forwarding, regardless
of was the letter base64/QP encoded or not, resulting of such malformed


Then this software is severly broken (MIME-wise), imho, and needs to be
updated/changed/dumed.

So I think that the right solution (before antivirus software would be
rewritten) is to write filters by yourself - decode base64 as that do
popular mail clients and give them to antivirus.


With this approach, you are always on the "one step behind" side of
the problem. It's only a matter of time that someone finds out that
(made up example:) you can use a UTF8-mis-encoded "=" in Microsoft's
base64-decoder... The only sane way is to check if it's in the
standard-form ("abcABC=") and reject or convert if it's not.

99.99% of all software should create the standard form, so please
let the tiny fraction of users with broken software suffer
when their mails get rejected.

(Note: this of course applies not only to Base64 but to all aspects
of header-parsing, file-format guessing etc...)

        Chris

Current thread:

Re: base64, (continued)
- - - Re: base64 Earl Hood (Sep 25)
    - Re: base64 Christian Vogel (Sep 25)
    - Re: base64 Seth Breidbart (Sep 24)
- Re: base64 Alexander Ogol (Sep 23)
  - Re: base64 Christian Vogel (Sep 24)
    - Re: base64 David Wilson (Sep 24)
    - Re: base64 der Mouse (Sep 24)
- Re: base64 Earl Hood (Sep 26)
- RE: base64 latte (Sep 23)
- Re: base64 Ilya Teterin (Sep 23)
- Re: base64 MightyE (Sep 24)
  - Re: base64 Buck Huppmann (Sep 24)
    - Re: base64 Andrew Church (Sep 25)
  - Message not available
    - Re: base64 MightyE (Sep 25)
    - Re: base64 Bennett Todd (Sep 25)
    - Re: base64 MightyE (Sep 25)
    - Re: base64 Earl Hood (Sep 26)
    - Re: base64 Bennett Todd (Sep 26)
    - Re[2]: base64 3APA3A (Sep 26)
    - RE: base64 Alun Jones (Sep 26)
    - Re: base64 Bennett Todd (Sep 26)

(Thread continues...)