We use cookies to ensure you get the best experience on our website
Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
0ct0pu5
/
squirrelmail
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Prechádzať zdrojové kódy

improve message ID generation: put together a string based on user-data
(username, IP, remote port), serial data (time in ms) and randomness,
and put this all through a one-way hash. This makes the chance on
collisions unrealistically small, and at the same time prevents all
kinds of trouble when some vars are not available or contain non-allowed
information (like IPv6 addresses).

Thijs Kinkhorst 17 rokov pred
rodič
5e85598e72
commit
40f5f2b9d3
1 zmenil súbory, kde vykonal 14 pridanie a 11 odobranie
Jednotné zobrazenie Ukázať štatistiku rozdielnych dát
  1. 14 11
      class/deliver/Deliver.class.php

+ 14 - 11
class/deliver/Deliver.class.php
Zobraziť súbor 

@@ -491,8 +491,10 @@ class Deliver {
 
         global $domain, $username, $encode_header_key,
 
         global $domain, $username, $encode_header_key,
 
                $edit_identity, $hide_auth_header;
 
                $edit_identity, $hide_auth_header;
 
 
 
-        /* if server var SERVER_NAME not available, use $domain */
 
-        if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER)) {
 
+        /* if server var SERVER_NAME not available, or contains
 
+           ":" (e.g. IPv6) which is illegal in a Message-ID, use $domain */
 
+        if(!sqGetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER) ||
 
+            strpos($SERVER_NAME,':') !== FALSE) {
 
             $SERVER_NAME = $domain;
 
             $SERVER_NAME = $domain;
 
         }
 
         }
 
 
 
@@ -506,16 +508,17 @@ class Deliver {
 
 
 
         /* This creates an RFC 822 date */
 
         /* This creates an RFC 822 date */
 
         $date = date('D, j M Y H:i:s ', time()) . $this->timezone();
 
         $date = date('D, j M Y H:i:s ', time()) . $this->timezone();
 
+
 
         /* Create a message-id */
 
         /* Create a message-id */
 
-        $message_id = '<' . (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : '');
 
-//FIXME: if $REMOTE_ADDR is missing, should we skip this if/else block?  or perhaps try to generate it with some different kind of info?
 
-        if (isset($encode_header_key) && trim($encode_header_key)!='') {
 
-            // use encrypted form of remote address
 
-            $message_id.= OneTimePadEncrypt($this->ip2hex($REMOTE_ADDR),base64_encode($encode_header_key));
 
-        } else {
 
-            $message_id.= $REMOTE_ADDR;
 
-        }
 
-        $message_id .= '.' . time() . '.squirrel@' . $SERVER_NAME .'>';
 
+        $message_id = '<';
 
+        /* user-specifc data to decrease collision chance */
 
+        $seed_data = $username . '.';
 
+        $seed_data .= (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : '');
 
+        $seed_data .= (!empty($REMOTE_ADDR) ? $REMOTE_ADDR . '.' : '');
 
+        /* add the current time in milliseconds and randomness */
 
+        $seed_data .= uniqid(mt_rand(),true);
 
+        /* put it through one-way hash and add it to the ID */
 
+        $message_id .= md5($seed_data) . '.squirrel@' . $SERVER_NAME .'>';
 
         $this->message_id = $message_id;
 
         $this->message_id = $message_id;
 
 
 
         /* Make an RFC822 Received: line */
 
         /* Make an RFC822 Received: line */

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5