[exim-dev] [Bug 1513] mime handling broken

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1513

Git Commit <git@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |git@???

--- Comment #2 from Git Commit <git@???> 2014-07-31 01:17:30 ---
Git commit:
http://git.exim.org/exim.git/commitdiff/4fd5d2bf25195969b9c6a6c23a59c495400ece8d

commit 4fd5d2bf25195969b9c6a6c23a59c495400ece8d
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jul 30 21:42:38 2014 +0100
Commit:     Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jul 30 21:42:38 2014 +0100

    Fix parsing of quoted parameter values in MIME headers.  Bug 1513
---
 src/src/mime.c |   26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/src/mime.c b/src/src/mime.c
index 6a9e31a..95d3da4 100644
--- a/src/src/mime.c
+++ b/src/src/mime.c
@@ -601,16 +601,28 @@ NEXT_PARAM_SEARCH:
            int param_value_len = 0;

            /* found an interesting parameter? */
-           if (strncmpic(mp->name, p,mp->namelen) == 0)
+           if (strncmpic(mp->name, p, mp->namelen) == 0)
              {
              uschar *q = p + mp->namelen;
+             int size = 0;
+             int ptr = 0;
+
              /* yes, grab the value and copy to its corresponding expansion
variable */
-             while(*q != ';') q++;
-             param_value_len = (q - (p + mp->namelen));
-             param_value = (uschar *)malloc(param_value_len+1);
-             memset(param_value,0,param_value_len+1);
-             q = p + mp->namelen;
-             Ustrncpy(param_value, q, param_value_len);
+             while(*q && *q != ';')            /* ; terminates */
+               {
+               if (*q == '"')
+                 {
+                 q++;                          /* skip leading " */
+                 while(*q && *q != '"')        /* which protects ; */
+                   param_value = string_cat(param_value, &size, &ptr, q++, 1);
+                 if (*q) q++;                  /* skip trailing " */
+                 }
+               else
+                 param_value = string_cat(param_value, &size, &ptr, q++, 1);
+               }
+             param_value[ptr++] = '\0';
+             param_value_len = ptr;
+
              param_value = rfc2047_decode(param_value, check_rfc2047_length,
NULL, 32, &param_value_len, &q);
              debug_printf("Found %s MIME parameter in %s header, value is
'%s'\n", mp->name, mime_header_list[i].name, param_value);
              *((uschar **)(mp->value)) = param_value;

--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email