https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8101
Bug ID: 8101
Summary: DecodeShortURLs fails to resolve chained relative
location paths
Product: Spamassassin
Version: 4.0.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: dilld...@bjork.org
Target Milestone: Undefined
When an embedded URL in a message resolves to a relative location path,
DecodeShortURLs fails to fully resolve it. This appears to be actively
exploited in spam already, which is how I came across it.
Example (random, not from a spam message) - note the double slash preceding
path:
https://bit.ly//1Zmfo8z
This will return "location: /1Zmfo8z", which is a fully valid relative
response. The plugin will however try to fetch the returned location header
verbatim, rather than relative to the first request.
Ideally the plugin should maintain a minimal state sufficient to fully handle
all examples in section 5.4.1 of RFC 3986:
https://www.rfc-editor.org/rfc/rfc3986#section-5.4
--
You are receiving this mail because:
You are the assignee for the bug.
