Gitweb:
http://git.exim.org/exim.git/commitdiff/4fd5d2bf25195969b9c6a6c23a59c495400ece8d
Commit: 4fd5d2bf25195969b9c6a6c23a59c495400ece8d
Parent: 91664d8f02e873e8d39ef46ed0e65ea26cf11232
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jul 30 21:42:38 2014 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jul 30 21:42:38 2014 +0100
Fix parsing of quoted parameter values in MIME headers. Bug 1513
---
src/src/mime.c | 26 +++++++++++++++++++-------
1 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/src/mime.c b/src/src/mime.c
index 6a9e31a..95d3da4 100644
--- a/src/src/mime.c
+++ b/src/src/mime.c
@@ -601,16 +601,28 @@ NEXT_PARAM_SEARCH:
int param_value_len = 0;
/* found an interesting parameter? */
- if (strncmpic(mp->name, p,mp->namelen) == 0)
+ if (strncmpic(mp->name, p, mp->namelen) == 0)
{
uschar *q = p + mp->namelen;
+ int size = 0;
+ int ptr = 0;
+
/* yes, grab the value and copy to its corresponding expansion variable */
- while(*q != ';') q++;
- param_value_len = (q - (p + mp->namelen));
- param_value = (uschar *)malloc(param_value_len+1);
- memset(param_value,0,param_value_len+1);
- q = p + mp->namelen;
- Ustrncpy(param_value, q, param_value_len);
+ while(*q && *q != ';') /* ; terminates */
+ {
+ if (*q == '"')
+ {
+ q++; /* skip leading " */
+ while(*q && *q != '"') /* which protects ; */
+ param_value = string_cat(param_value, &size, &ptr, q++, 1);
+ if (*q) q++; /* skip trailing " */
+ }
+ else
+ param_value = string_cat(param_value, &size, &ptr, q++, 1);
+ }
+ param_value[ptr++] = '\0';
+ param_value_len = ptr;
+
param_value = rfc2047_decode(param_value, check_rfc2047_length, NULL, 32, ¶m_value_len, &q);
debug_printf("Found %s MIME parameter in %s header, value is '%s'\n", mp->name, mime_header_list[i].name, param_value);
*((uschar **)(mp->value)) = param_value;