[rt-users] REST mail-gateway using 100% cpu

Alex Vandiver alexmv at bestpractical.com
Mon Jan 20 16:28:27 EST 2014


On Sun, 2014-01-19 at 23:54 -0800, andriuss wrote:
> I don't think so. 
> First point, correct me if I'm wrong - An 'encoded-word' MUST NOT appear in
> any portion of an 'addr-spec' :
> 
> It says, that you can't have the following syntax: "Name Surname"
> <name@=?UTF-8?B?abc=?=>

...are you attempting to claim that a From: header of
=?UTF-8?B?ICJUb21hcyBNYXLEjWl1bGlvbmlzIiA8VG9tYXMuTWFyY2l1bGlvbmlzQGJp?=
 =?UTF-8?B?dGVzcGFydG5lcmlzLmx0Pg==?= is _not_ an example of an
encoded-word appearing in some portion of an addr-spec?  Like, the
addr-spec that _should_ be written
Tomas.Marciulionis at bitespartneris.lt ?  I'd say that's an encoded word
appearing in a portion where an addr-spec is expected.

Regardless, see below.

> See http://tools.ietf.org/html/rfc2047#page-11, the examples section, where
> the following is said to be correct syntax, untill the encoded word is self
> contained:
> 
> Subject: =?ISO-8859-1?B?SWYgeW91IGNhbiByZWFkIHRoaXMgeW8=?=
>     =?ISO-8859-2?B?dSB1bmRlcnN0YW5kIHRoZSBleGFtcGxlLg==?=

No.  That is entirely different.  The "subject" field is not a
"structured header"[1] -- it merely consists of "*text"[2].  As such,
this follows rule (1) of [3].  The "From" field, however, is a
structured header the full ABNF of which can be found in [4].  As such,
you're not allowed to replace the entire content with an encoded-words.
Per rule (3) of [3], "phrase" is the only place which an encoded-word is
allowed to be found in a structured field.  And "phrase" can only occur
in one place in an "address": specifically, before <foo at example.com>.

I guarantee that no widely-used email client chooses to format addresses
does encoding the way you're insinuating.  RT is clearly _wrong_ to
consume CPU time parsing it, but it would be almost more wrong to parse
in the way you're implying.  My mail client, for instance, rightly
refuses to parse it at all, and leaves it as =?UTF-8?B?....?= when
displaying, and indeed when attempting to reply to such a message.

I am still morbidly curious to hear what software created that header.

 - Alex


[1] http://tools.ietf.org/html/rfc822#section-3.1.2
[2] http://tools.ietf.org/html/rfc822#section-4.1
[3] http://tools.ietf.org/html/rfc2047#section-5
[4] http://tools.ietf.org/html/rfc2822#section-3.4




More information about the rt-users mailing list