RHEL5 pcre-6.6 lib and amavisd-2.10.1

Mika Ilmaranta ilmis at foobar.fi
Thu Mar 19 13:49:40 CET 2015


Hi,

Here's a proposed patch to go around that problem. Looks like it's
working (not heavily tested though).

BR,
Mika

---8<---
diff -up amavisd-new-2.10.1/amavisd.is_valid_utf_8_per_header_row
amavisd-new-2.10.1/amavisd
--- amavisd-new-2.10.1/amavisd.is_valid_utf_8_per_header_row	2015-03-19
11:30:09.741145226 +0200
+++ amavisd-new-2.10.1/amavisd	2015-03-19 11:39:43.720539986 +0200
@@ -2875,15 +2875,19 @@ sub is_valid_utf_8($) {
   #   [\x00-\x7F] | [\xC0-\xDF][\x80-\xBF] |
   #   [\xE0-\xEF][\x80-\xBF]{2} | [\xF0-\xF4][\x80-\xBF]{3}
   #
-  $_[0] =~ /^ (?: [\x00-\x7F] |
-                  [\xC2-\xDF] [\x80-\xBF] |
-                  \xE0 [\xA0-\xBF] [\x80-\xBF] |
-                  [\xE1-\xEC] [\x80-\xBF]{2} |
-                  \xED [\x80-\x9F] [\x80-\xBF] |
-                  [\xEE-\xEF] [\x80-\xBF]{2} |
-                  \xF0 [\x90-\xBF] [\x80-\xBF]{2} |
-                  [\xF1-\xF3] [\x80-\xBF]{3} |
-                  \xF4 [\x80-\x8F] [\x80-\xBF]{2} )* \z/xs ? 1 : 0;
+  my @header_lines = split /\n/, $_[0];
+  foreach my $header_line (@header_lines) {
+    return 0 if ! $header_line =~ /^ (?: [\x00-\x7F] |
+                    [\xC2-\xDF] [\x80-\xBF] |
+                    \xE0 [\xA0-\xBF] [\x80-\xBF] |
+                    [\xE1-\xEC] [\x80-\xBF]{2} |
+                    \xED [\x80-\x9F] [\x80-\xBF] |
+                    [\xEE-\xEF] [\x80-\xBF]{2} |
+                    \xF0 [\x90-\xBF] [\x80-\xBF]{2} |
+                    [\xF1-\xF3] [\x80-\xBF]{3} |
+                    \xF4 [\x80-\x8F] [\x80-\xBF]{2} )* \z/xs ? 1 : 0;
+  }
+  return 1; # all lines were valid utf8
 }

 # cleanly chop a UTF-8 byte sequence to $max_len or less, RFC 3629;
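Review bot: The condition on the new `return 0 if ! $header_line =~ /^ (?: ...` line does not test what it is meant to. In Perl, unary `!` binds tighter than `=~`, so the regex is matched against the result of `!$header_line` rather than against the header line itself, and the bytes of the line are never validated. The trailing `? 1 : 0` is also left over from the old single-expression form: as written, a successful match yields 1 and so triggers `return 0`. Suggest `return 0 if $header_line !~ /^ (?: ... )* \z/xs;` with the ternary dropped. Separately, each line is still matched with the same `(?: ... )*` pattern, so the split bounds the subject length only by line length; a single very long line would be handled as the whole blob was before. It may be worth noting that in a comment or capping the chunk size.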
---8<---


On 03/18/2015 08:16 PM, Mika Ilmaranta wrote:
> 
> Hi,
> 
> In amavisd-2.10.0 (and later) is a check is_valid_utf_8() whose regexp
> makes pcre-6.6 stack overflow when given a To: -header which is more
> than a thousand rows long. To be exact I stumbled on a To: -header that
> was a little less than 1400 lines.
> 
> Making the stack 10x bigger than default for amavis with ulimit -s
> 102400 deals with it, but should amavis check the headers line by line
> rather than in a single blob?
> 
> BR,
> Mika
> 
> 

-- 
Mika Ilmaranta <ilmis at foobar.fi>
Foobar Linux services
+358 50 3023638
Foobar Oy <http://foobar.fi/>