File 001-Fix-MIME-parsing-of.filenames.patch of Package exim.18492
From 6ce5c70cff8989418e05d01fd2a57703007a6357 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Mon, 1 Jul 2024 19:35:12 +0100
Subject: [PATCH] Fix MIME parsing of filenames specified using multiple
parameters. Bug 3099
---
src/src/mime.c | 51 +++++++++++++-----------
src/src/string.c | 1 +
8 files changed, 156 insertions(+), 29 deletions(-)
Index: exim-4.97.1/src/mime.c
===================================================================
--- exim-4.97.1.orig/src/mime.c
+++ exim-4.97.1/src/mime.c
@@ -587,10 +587,10 @@ while(1)
while (*p)
{
- DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p);
+ DEBUG(D_acl)
+ debug_printf_indent("MIME: considering paramlist '%s'\n", p);
- if ( !mime_filename
- && strncmpic(CUS"content-disposition:", header, 20) == 0
+ if ( strncmpic(CUS"content-disposition:", header, 20) == 0
&& strncmpic(CUS"filename*", p, 9) == 0
)
{ /* RFC 2231 filename */
@@ -604,11 +604,12 @@ while(1)
if (q && *q)
{
- uschar * temp_string, * err_msg;
+ uschar * temp_string, * err_msg, * fname = q;
int slen;
/* build up an un-decoded filename over successive
filename*= parameters (for use when 2047 decode fails) */
+/*XXX could grow a gstring here */
mime_fname_rfc2231 = string_sprintf("%#s%s",
mime_fname_rfc2231, q);
@@ -623,26 +624,32 @@ while(1)
/* look for a ' in the "filename" */
while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
- if ((size = s-q) > 0)
- mime_filename_charset = string_copyn(q, size);
-
- if (*(p = s)) p++;
- while(*p == '\'') p++; /* p is after 2nd ' */
+ if (*s) /* there was a ' */
+ {
+ if ((size = s-q) > 0)
+ mime_filename_charset = string_copyn(q, size);
+
+ if (*(fname = s)) fname++;
+ while(*fname == '\'') fname++; /* fname is after 2nd ' */
+ }
}
- else
- p = q;
- DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n",
- mime_filename_charset ? mime_filename_charset : US"<NULL>", p);
-
- temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen);
- DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string);
+ DEBUG(D_acl)
+ debug_printf_indent("MIME: charset %s fname '%s'\n",
+ mime_filename_charset ? mime_filename_charset : US"<NULL>",
+ fname);
+
+ temp_string = rfc2231_to_2047(fname, mime_filename_charset,
+ &slen);
+ DEBUG(D_acl)
+ debug_printf_indent("MIME: 2047-name %s\n", temp_string);
temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
- NULL, &err_msg);
- DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string);
+ NULL, &err_msg);
+ DEBUG(D_acl)
+ debug_printf_indent("MIME: plain-name %s\n", temp_string);
- if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+ if (!temp_string || (size = Ustrlen(temp_string)) == slen)
decoding_failed = TRUE;
else
/* build up a decoded filename over successive
@@ -651,9 +658,9 @@ while(1)
mime_filename = mime_fname = mime_fname
? string_sprintf("%s%s", mime_fname, temp_string)
: temp_string;
- }
- }
- }
+ } /*!decoding_failed*/
+ } /*q*/
+ } /*2231 filename*/
else
/* look for interesting parameters */
@@ -682,7 +689,7 @@ while(1)
/* There is something, but not one of our interesting parameters.
- Advance past the next semicolon */
+ Advance past the next semicolon */
p = mime_next_semicolon(p);
if (*p) p++;
} /* param scan on line */
@@ -800,5 +807,5 @@ return rc;
#endif /*WITH_CONTENT_SCAN*/
-/* vi: sw ai sw=2
+/* vi: aw ai sw=2
*/
Index: exim-4.97.1/src/string.c
===================================================================
--- exim-4.97.1.orig/src/string.c
+++ exim-4.97.1/src/string.c
@@ -1347,6 +1347,7 @@ Field width: decimal digits, or *
Precision: dot, followed by decimal digits or *
Length modifiers: h L l ll z
Conversion specifiers: n d o u x X p f e E g G % c s S T Y D M
+Alternate-form: %#s is silent about a null string
Returns the possibly-new (if copy for growth or taint-handling was needed)
string, not nul-terminated.
