Subject: CVS commit: htutils/cgi-src/feedback
To: None <www-changes@NetBSD.org>
From: Noriyuki Soda <soda@netbsd.org>
List: www-changes
Date: 07/26/2005 09:16:55
Module Name:	htutils
Committed By:	soda
Date:		Tue Jul 26 09:16:55 UTC 2005

Modified Files:
	htutils/cgi-src/feedback: feedback.cgi

Log Message:
fix a security hole, which was used by the following hosts & users yesterday:
IP address: 62.37.236.193,	Bcc: HomerRagtime@aol.com
IP address: 167.206.204.68,	Bcc: bergkoch8@aol.com
IP address: 65.37.95.73,	Bcc: jrubin3546@aol.com
IP address: 212.0.138.92,	Bcc: bergkoch8@aol.com

These hosts set the "name" field to something like the following:
idvhf@NetBSD.org
Content-Type: multipart/mixed; boundary="===============0647525481=="
MIME-Version: 1.0
Subject: a9bc494c
To: idvhf@NetBSD.org
bcc: bergkoch8@aol.com
From: idvhf@NetBSD.org

This is a multi-part message in MIME format.

--===============0647525481==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

ffklqhdem
--===============0647525481==--


To generate a diff of this commit:
cvs rdiff -r1.8 -r1.9 htutils/cgi-src/feedback/feedback.cgi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
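
The following is an added example, not the change made to feedback.cgi in r1.9 (which is not shown in this message): one way to reject a "name" value like the one quoted above before it is placed in a mail header. It assumes the form copies the name into a header of the outgoing mail; the function names, the example.org addresses and the sample value are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

RECIPIENT = "feedback@example.org"  # assumption: fixed recipient, never taken from the form
LINE_BREAK = re.compile(r"\r\n|\r|\n")
HEADER_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*:")

# Constructed sample modelled on the "name" value quoted in the commit message
# (addresses replaced with example.org placeholders).
SAMPLE_NAME = (
    "idvhf@example.org\n"
    'Content-Type: multipart/mixed; boundary="=====0=="\n'
    "MIME-Version: 1.0\n"
    "Subject: a9bc494c\n"
    "To: idvhf@example.org\n"
    "bcc: third-party@example.org\n"
    "From: idvhf@example.org\n"
    "\n"
    "This is a multi-part message in MIME format.\n"
)

def smuggled_headers(value):
    """Return lower-cased header names found after the first line break of a field."""
    found = []
    for line in LINE_BREAK.split(value)[1:]:
        m = HEADER_LINE.match(line)
        if m:
            found.append(m.group(1).lower())
    return found

def build_feedback(name, comment):
    """Build the outgoing mail; refuse a name field containing CR, LF or NUL."""
    if LINE_BREAK.search(name) or "\x00" in name:
        raise ValueError("line break in name field; smuggled headers: %s"
                         % ", ".join(smuggled_headers(name)))
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["From"] = formataddr((name, "www-form@example.org"))
    msg["Subject"] = "Feedback form submission"
    msg.set_content(comment)  # free text goes in the body only
    return msg

if __name__ == "__main__":
    try:
        build_feedback(SAMPLE_NAME, "hello")
    except ValueError as exc:
        print("rejected:", exc)
```

The list returned by `smuggled_headers` is suitable for logging next to the client address, which gives the kind of record the commit message reports.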