1 From e7c25d5b603a33e677efc4bccb6e5cac617e7ad5 Mon Sep 17 00:00:00 2001
2 From: Jeremy Harris <jgh146exb@wizmail.org>
3 Date: Thu, 1 Jan 2015 21:47:10 +0000
4 Subject: [PATCH] Avoid crash with badly-terminated non-recognised mime
8 src/mime.c | 18 +++++++++++-------
10 test/mail/4000.userx | 42 +++++++++++++++++++++++++++++++++++++++++
11 test/scripts/4000-scanning/4000 | 32 +++++++++++++++++++++++++++++++
12 test/stdout/4000 | 11 +++++++++++
13 5 files changed, 99 insertions(+), 7 deletions(-)
15 diff --git a/src/mime.c b/src/mime.c
16 index e5fe476..948dd78 100644
19 @@ -589,6 +589,7 @@ DECODE_HEADERS:
23 + /* debug_printf(" considering paramlist '%s'\n", p); */
25 for (mp = mime_parameter_list;
26 mp < &mime_parameter_list[mime_parameter_list_size];
27 @@ -623,7 +624,7 @@ NEXT_PARAM_SEARCH:
29 param_value = rfc2047_decode(param_value,
30 check_rfc2047_length, NULL, 32, NULL, &dummy);
31 - debug_printf("Found %s MIME parameter in %s header, "
32 + debug_printf(" Found %s MIME parameter in %s header, "
33 "value is '%s'\n", mp->name, mime_header_list[i].name,
36 @@ -631,14 +632,17 @@ NEXT_PARAM_SEARCH:
37 goto NEXT_PARAM_SEARCH;
40 - /* There is something, but not one of our interesting parameters.
41 - Advance to the next semicolon */
43 + /* There is something, but not one of our interesting parameters.
44 + Advance to the next unquoted semicolon */
45 + while(*p && *p != ';')
48 - if (*p == '"') while(*++p && *p != '"') ;
50 + while(*++p && *p != '"') ;