Commit 69386c52 authored by Byron Jones ‹:glob›'s avatar Byron Jones ‹:glob› Committed by David Lawrence

Bug 1202447: [SECURITY] The email address is not properly validated during…

Bug 1202447: [SECURITY] The email address is not properly validated during registration if longer than 127 characters r=LpSolit,a=justdave
parent eff343a6
...@@ -676,12 +676,18 @@ sub validate_email_syntax { ...@@ -676,12 +676,18 @@ sub validate_email_syntax {
# RFC 2822 section 2.1 specifies that email addresses must # RFC 2822 section 2.1 specifies that email addresses must
# be made of US-ASCII characters only. # be made of US-ASCII characters only.
# Email::Address::addr_spec doesn't enforce this. # Email::Address::addr_spec doesn't enforce this.
my $ret = ($addr =~ /$match/ && $email !~ /\P{ASCII}/ && $email =~ /^$addr_spec$/); # We set the max length to 127 to ensure addresses aren't truncated when
if ($ret) { # inserted into the tokens.eventdata field.
if ($addr =~ /$match/
&& $email !~ /\P{ASCII}/
&& $email =~ /^$addr_spec$/
&& length($email) <= 127)
{
# We assume these checks to suffice to consider the address untainted. # We assume these checks to suffice to consider the address untainted.
trick_taint($_[0]); trick_taint($_[0]);
return 1;
} }
return $ret ? 1 : 0; return 0;
} }
sub check_email_syntax { sub check_email_syntax {
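Review bot: The `$` anchor in `$email =~ /^$addr_spec$/` also matches just before a trailing newline, so an address ending in "\n" can satisfy every condition of the new `if` and then be marked clean by `trick_taint($_[0])`. Anchoring on the absolute string ends closes that: `&& $email =~ /\A$addr_spec\z/`; `$match` is defined outside the hunk and may need the same treatment. The bare `127` would also be safer as a named constant kept next to the tokens.eventdata column definition it mirrors, so that the validation limit and the schema cannot drift apart silently. validate_email_syntax begins above the hunk, so how `$addr` and `$email` are derived, and whether callers already trim their input, is not visible here.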
......