Author: Michael Haardt Date: To: exim-users Subject: [exim] MIME question
Hello,
trying to understand some things, I fell over the following
example:
----------------------------------------------------------------------
Received: from localhost
        by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400
From: <test@???>
To: test@???
Subject: test
Mime-Version: 1.0
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit
Message-ID: <msg.id0@???>
Date: Mon, 05 Jul 1999 14:55:26 -0400

Received: from localhost
        by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400
From: <test@???>
To: test@???
Subject: test
Mime-Version: 1.0
Content-Type: message/plain
Content-Transfer-Encoding: 8bit
Message-ID: <msg.id1@???>
Date: Mon, 05 Jul 1999 14:55:26 -0400

body
----------------------------------------------------------------------
According to MIME, that's fine, but I am used to clients and scanners
recursively descending into message/rfc822 parts and I failed to find
anything describing that.

Changing the second Content-Type to message/rfc822 should generate an
error, because the "body" should be yet another header and a following
body. Right? Should I expect software to detect that error?

I see the potential for an attacker to use 50 headers and a 100 kB body,
thus generating 50 message files, each a little over 100 kB, and 5 MB
in total to scan.

Another point would be a message/rfc822 attachment with a broken MIME
structure. If I got the spec of demime right, exim saves such attachments
into their own files, processing them afterwards. A broken MIME structure
inside them will not affect scanning the containing message.

Does anybody know how other software works? To parse everything in a
linear fashion, you would have to keep a stack of active boundaries. If any
boundary but the top matches, the MIME elements above are truncated.
Is that correct?
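
The nesting cost raised in the post can be measured before any part is written to disk. The following is an added example, not part of the original message and not exim or demime code; `split_message`, `scan_plan`, `build_nested` and the two limits are hypothetical names chosen here, and the sample message is constructed.

```python
import re
from email.parser import BytesParser

_BLANK = re.compile(rb"\r?\n\r?\n")  # header/body separator

def split_message(raw):
    """Split one RFC 822 message into (parsed headers, body bytes)."""
    m = _BLANK.search(raw)
    head, body = (raw[:m.end()], raw[m.end():]) if m else (raw, b"")
    return BytesParser().parsebytes(head, headersonly=True), body

def scan_plan(raw, max_depth=10, max_bytes=1_000_000):
    """Descend through nested message/rfc822 parts without writing files.

    Returns (files, total_bytes, verdict): the embedded messages a scanner
    that saves each one separately would extract, their combined size, and
    "ok", "limit" (a cap was reached) or "malformed" (a message/rfc822 body
    that does not start with a header block).
    """
    files = total = 0
    while True:
        headers, body = split_message(raw)
        if headers.get_content_type() != "message/rfc822":
            return files, total, "ok"  # any other type is not descended into
        inner, _ = split_message(body)
        if not inner.keys():
            return files, total, "malformed"
        if files >= max_depth or total + len(body) > max_bytes:
            return files, total, "limit"
        files, total, raw = files + 1, total + len(body), body

def build_nested(levels, body):
    """Constructed sample: `levels` message/rfc822 wrappers around one text part."""
    msg = b"Subject: inner\r\nContent-Type: text/plain\r\n\r\n" + body
    for i in range(levels):
        msg = (b"Subject: level %d\r\nMime-Version: 1.0\r\n"
               b"Content-Type: message/rfc822\r\n"
               b"Content-Transfer-Encoding: 8bit\r\n\r\n" % i) + msg
    return msg

if __name__ == "__main__":
    sample = build_nested(50, b"x" * 100_000)
    print(len(sample), scan_plan(sample, max_depth=100, max_bytes=10**8))
    print(scan_plan(sample))  # default caps stop the descent early
    print(scan_plan(b"Content-Type: message/rfc822\r\n\r\nbody\r\n"))
```

With the caps lifted, the constructed sample of about 105 kB expands to 50 embedded messages and more than 5 MB of scan input.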