Overview

File maildrop-2.7.1-reformime-filenamedecode.patch of Package maildrop

--- maildrop-2.7.1/libs/rfc2045/reformime.c.orig	2013-08-25 20:54:20.000000000 +0200
+++ maildrop-2.7.1/libs/rfc2045/reformime.c	2016-09-30 12:11:25.795485020 +0200
@@ -353,6 +353,7 @@
 char *content_name;
 char	*p, *q;
 char	*dyn_disp_name=0;
+size_t len;
 
 const char *disposition_filename_s;
 
@@ -374,7 +375,20 @@
 	if (!disposition_filename_s || !*disposition_filename_s)
 		disposition_filename_s=content_name;
 
-	filename_buf=strdup(disposition_filename_s ? disposition_filename_s:"");
+#if 0
+	if (disposition_filename_s
+	    && disposition_filename_s[0] == '=' && disposition_filename_s[1] == '?')
+		/* This is not the standard, but happens a lot in practice.
+		 * Since reformime is also used by virus-/spamcheckers, this could
+		 * be used to circumvent them. For example =?abc.doc?= is turned into
+		 * __abc.doc__ below, whick would pass a checker blocking *.doc extensions.
+		 * Alternatively (additionally?), we could strip more strange stuff from
+		 * the end of a filename (or at least the "?=" combo).
+		 */
+		filename_buf=rfc2047_decode_simple(disposition_filename_s);
+	else
+#endif
+		filename_buf=strdup(disposition_filename_s ? disposition_filename_s:"");
 
 	if (!filename_buf)
 	{
@@ -386,14 +400,6 @@
 	if (disposition_name)		free(disposition_name);
 	if (disposition_filename)	free(disposition_filename);
 
-	if (strlen(filename_buf) > 32)
-	{
-		p=filename_buf;
-		q=filename_buf + strlen(filename_buf)-32;
-		while ( (*p++ = *q++) != 0)
-			;
-	}
-
 	/* Strip leading/trailing spaces */
 
 	p=filename_buf;
@@ -412,6 +418,30 @@
 			q=p+1;
 	*q=0;
 
+	len = strlen(filename_buf);
+	if (len > 4
+	    && filename_buf[0] == '=' && filename_buf[1] == '?'
+	    && filename_buf[len-2] == '?' && filename_buf[len-1] == '=')
+	{
+		filename_buf[len-2] = 0;
+		p=filename_buf+2;
+		q=filename_buf;
+		while ((*q=*p) != 0)
+		{
+			++p;
+			++q;
+		}
+		len-=4;
+	}
+
+ 	if (len > 32)
+	{
+		p=filename_buf;
+		q=filename_buf + strlen(filename_buf)-32;
+		while ( (*p++ = *q++) != 0)
+			;
+	}
+
 	disposition_filename_s=filename_buf;
 
 	if (ignore_filename)
openSUSE Build Service is sponsored by
Places