Author: dbkr
Date: 2006-08-05 14:10:49 +0000 (Sat, 05 Aug 2006)
New Revision: 9902
Modified:
trunk/apps/Freemail/src/freemail/Postman.java
Log:
Only check the first From header we find to avoid a DoS attack (bad guy sends
mail with thousands of from headers, your client sits there checking them until
the cows come home).
Modified: trunk/apps/Freemail/src/freemail/Postman.java
===================================================================
--- trunk/apps/Freemail/src/freemail/Postman.java 2006-08-05 13:49:40 UTC
(rev 9901)
+++ trunk/apps/Freemail/src/freemail/Postman.java 2006-08-05 14:10:49 UTC
(rev 9902)
@@ -32,13 +32,19 @@
String[] froms = newmsg.getHeadersAsArray("From");
int i;
+ boolean first = true;
for (i = 0; i < froms.length; i++) {
EmailAddress addr = new EmailAddress(froms[i]);
- if (!this.validateFrom(addr)) {
+ if (first) {
+ if (!this.validateFrom(addr)) {
+ newmsg.removeHeader("From", froms[i]);
+ newmsg.addHeader("From", "**SPOOFED!**
"+froms[i]);
+ }
+ } else {
newmsg.removeHeader("From", froms[i]);
- newmsg.addHeader("From", "**SPOOFED!**
"+froms[i]);
}
+ first = false;
}
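Review bot: `new EmailAddress(froms[i])` still runs for every From header, on the line before `if (first)`, so each attacker-supplied duplicate is parsed even though the `else` branch discards it without using `addr`. Moving the construction into the first-header branch, and testing `i == 0` instead of carrying the `first` flag, keeps the per-header work to a single `removeHeader` call: `if (i == 0) { EmailAddress addr = new EmailAddress(froms[i]); if (!this.validateFrom(addr)) {`. Separately, `removeHeader("From", froms[i])` appears to match by value, so a duplicate that repeats the first header's text might also remove the validated one; that depends on `removeHeader`'s implementation, which is not visible here. A short comment on the `else` branch such as `// extra From headers are dropped unchecked so validation cost stays constant` would record why they are not marked as spoofed. The enclosing method starts and ends outside this hunk.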