AW: AW: Problems with TNEF and long filenames
Ehle, Roland
roland at inbox4u.de
Thu Jan 31 11:07:39 GMT 2008
Jules,
thanks again for your help.
Just to have a better understanding: the filename check probably takes place after unpacking TNEF files? If so, I do not see a security problem.
Regards,
Roland
Jules wrote:
Well I have found it, but I'm a bit reluctant to change it:
    $safename = $message->MakeNameSafe($_->longname, $dir);
    push @replacements, $safename;
    #print STDERR "Safe name is \"$safename\"\n";
    $message->{entity}->attach(Type        => "application/octet-stream",
                               Encoding    => "base64",
                               Disposition => "attachment",
                               Filename    => $safename,
                               Path        => $filename);
Putting a dangerous filename back in the e-mail is a bit dodgy from a security point of view. But I could change
    Filename => $safename,
to
    Filename => $_->longname,
which should fix it.
What does anyone think?
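
The trade-off discussed above, as an added sketch that is not part of the original thread and is not MailScanner code: the sanitized name is used only for the file on disk, while the original long name is stripped of control characters and path components, checked against filename rules, and only then used as the attachment's Filename. The sub names, the deny rules and the sample names are all assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added illustration, not MailScanner code; every sub name here is hypothetical.
use strict;
use warnings;

# Constructed deny rules standing in for a site's filename policy.
my @DENY = (
    qr/\.(?:exe|scr|pif|bat|vbs)\s*$/i,   # executable extension
    qr/\s{8,}\S/,                         # whitespace run hiding the real extension
);

# Name used only for the file on disk: short, ASCII, no path components.
sub disk_name {
    my ($long) = @_;
    (my $n = $long) =~ s{.*[/\\]}{}s;     # drop any directory part
    $n =~ s/[^A-Za-z0-9._-]/_/g;          # conservative character set
    $n =~ s/^\.+/_/;                      # no hidden or dot-only names
    $n = substr($n, 0, 64);               # keep it well under file system limits
    return length($n) ? $n : 'attachment';
}

# Name shown to the recipient: keeps its length and spaces, but cannot carry
# header breaks or path components into the rebuilt message.
sub display_name {
    my ($long) = @_;
    (my $n = $long) =~ s/[\x00-\x1f\x7f]//g;  # CR, LF, NUL and other controls
    $n =~ s{.*[/\\]}{};                       # drop any directory part
    $n =~ s/"/'/g;                            # keep a quoted header parameter intact
    return $n;
}

# The policy check runs on the name the recipient would actually see.
sub plan_attachment {
    my ($long) = @_;
    my $shown   = display_name($long);
    my $blocked = grep { $shown =~ $_ } @DENY;
    return { path => disk_name($long), filename => $shown, blocked => $blocked ? 1 : 0 };
}

# Constructed sample names, as a TNEF unpacker might report them.
for my $long ('Quarterly report ' . ('x' x 90) . '.doc',
              'invoice.pdf' . (' ' x 20) . '.exe',
              "C:\\Users\\me\\notes\r\n.txt") {
    my $p = plan_attachment($long);
    printf "%-6s disk=%s shown=%s\n", $p->{blocked} ? 'BLOCK' : 'ok',
        $p->{path}, $p->{filename};
}
```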