[exim-dev] Possible $mime_decoded_filename bug

Author: dan_mitton
Date:  
To: exim-dev
Subject: [exim-dev] Possible $mime_decoded_filename bug
I think I might have found a small bug in the setting of the
$mime_decoded_filename expansion variable. The below code snippet is from
mime.c (4.68). It seems that when fname != NULL && pname == NULL, the
"filename" variable never gets set, which ends up setting
mime_decoded_filename = empty string. Could someone else take a look to
verify what I am seeing...

FILE *mime_get_decode_file(uschar *pname, uschar *fname) {
FILE *f = NULL;
uschar *filename;

filename = (uschar *)malloc(2048);

  if ((pname != NULL) && (fname != NULL)) {
    (void)string_format(filename, 2048, "%s/%s", pname, fname);
    f = modefopen(filename,"wb+",SPOOL_MODE);
  }
  else if (pname == NULL) {
    f = modefopen(fname,"wb+",SPOOL_MODE);
  }
  else if (fname == NULL) {
    int file_nr = 0;
    int result = 0;


    /* must find first free sequential filename */
    do {
      struct stat mystat;
      (void)string_format(filename,2048,"%s/%s-%05u", pname, message_id, file_nr);
      file_nr++;
      /* security break */
      if (file_nr >= 1024)
        break;
      result = stat(CS filename,&mystat);
    }
    while(result != -1);
    f = modefopen(filename,"wb+",SPOOL_MODE);
  };


/* set expansion variable */
mime_decoded_filename = filename;

return f;
}
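
Added example, not part of the original post and not Exim's code: a stand-alone C model of the three-way branch above in which every successful path writes the name into the buffer, including the pname == NULL case the post describes. It only computes the name and opens no file; decode_target, the sample paths and the message id are hypothetical, and outlen is assumed to be at least 1.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper (not an Exim function): write the path that would be
   opened into out. Returns 0 on success, -1 on error with out left empty. */
static int decode_target(const char *pname, const char *fname,
                         const char *message_id, char *out, size_t outlen)
{
  int n;

  out[0] = '\0';   /* malloc'd/stack memory is uninitialised: define it first */

  if (pname != NULL && fname != NULL)
    n = snprintf(out, outlen, "%s/%s", pname, fname);
  else if (fname != NULL)
    /* pname == NULL, the case from the post: the file opened is fname,
       so fname is also what must be recorded. */
    n = snprintf(out, outlen, "%s", fname);
  else if (pname != NULL) {
    /* fname == NULL: first free sequential name under pname */
    struct stat st;
    unsigned nr;
    for (nr = 0; nr < 1024; nr++) {
      n = snprintf(out, outlen, "%s/%s-%05u", pname, message_id, nr);
      if (n < 0 || (size_t)n >= outlen) break;   /* truncated */
      if (stat(out, &st) == -1) return 0;        /* name not in use */
    }
    out[0] = '\0';
    return -1;       /* truncated, or all 1024 candidates exist */
  }
  else
    return -1;       /* both NULL: nothing to open */

  if (n < 0 || (size_t)n >= outlen) { out[0] = '\0'; return -1; }
  return 0;
}

int main(void)
{
  char buf[2048];
  /* constructed sample path */
  if (decode_target(NULL, "/tmp/constructed/part1.bin", "ID", buf, sizeof buf) == 0)
    printf("%s\n", buf);
  return 0;
}
```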