[exim-cvs] Fix parsing of quoted parameter values in MIME he…

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix parsing of quoted parameter values in MIME headers. Bug 1513
Gitweb: http://git.exim.org/exim.git/commitdiff/4fd5d2bf25195969b9c6a6c23a59c495400ece8d
Commit:     4fd5d2bf25195969b9c6a6c23a59c495400ece8d
Parent:     91664d8f02e873e8d39ef46ed0e65ea26cf11232
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jul 30 21:42:38 2014 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jul 30 21:42:38 2014 +0100


    Fix parsing of quoted parameter values in MIME headers.  Bug 1513
---
 src/src/mime.c |   26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)


diff --git a/src/src/mime.c b/src/src/mime.c
index 6a9e31a..95d3da4 100644
--- a/src/src/mime.c
+++ b/src/src/mime.c
@@ -601,16 +601,28 @@ NEXT_PARAM_SEARCH:
         int param_value_len = 0;


         /* found an interesting parameter? */
-        if (strncmpic(mp->name, p,mp->namelen) == 0)
+        if (strncmpic(mp->name, p, mp->namelen) == 0)
           {
           uschar *q = p + mp->namelen;
+          int size = 0;
+          int ptr = 0;
+
           /* yes, grab the value and copy to its corresponding expansion variable */
-          while(*q != ';') q++;
-          param_value_len = (q - (p + mp->namelen));
-          param_value = (uschar *)malloc(param_value_len+1);
-          memset(param_value,0,param_value_len+1);
-          q = p + mp->namelen;
-          Ustrncpy(param_value, q, param_value_len);
+          while(*q && *q != ';')        /* ; terminates */
+        {
+        if (*q == '"')
+          {
+          q++;                /* skip leading " */
+          while(*q && *q != '"')    /* which protects ; */
+            param_value = string_cat(param_value, &size, &ptr, q++, 1);
+          if (*q) q++;            /* skip trailing " */
+          }
+        else
+          param_value = string_cat(param_value, &size, &ptr, q++, 1);
+        }
+          param_value[ptr++] = '\0';
+          param_value_len = ptr;
+
           param_value = rfc2047_decode(param_value, check_rfc2047_length, NULL, 32, &param_value_len, &q);
           debug_printf("Found %s MIME parameter in %s header, value is '%s'\n", mp->name, mime_header_list[i].name, param_value);
           *((uschar **)(mp->value)) = param_value;