[exim-dev] [Bug 1558] New: MIME ACL crash not completely fix…

Author: Max Bowsher
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1558] New: MIME ACL crash not completely fixed

http://bugs.exim.org/show_bug.cgi?id=1558
           Summary: MIME ACL crash not completely fixed
           Product: Exim
           Version: 4.84
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
        AssignedTo: jgh146exb@???
        ReportedBy: _@maxb.eu
                CC: exim-dev@???

The MIME ACL crash in 4.84 has had an attempted fix committed to Git, but it
is not complete.

I still observe crashes using 4.84 + 93cad488 from Git, when processing a mail
containing this MIME-part header:

Content-Type: text/html;
        charset=UTF-8;
        name=""
The quoted empty parameter is the issue.

Looking at the affected code in mime.c, it would appear that the local variable
param_value_len, used to perform pointer arithmetic to advance past the parsed
parameter, is being computed incorrectly when quotes are present.

It is also computed incorrectly if rfc2047_decode finds anything to decode, as
it is passed by reference to rfc2047_decode to be modified, but the length of
the raw undecoded string is what is needed here.
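As an added illustration (hypothetical code, not Exim's mime.c and not the Git fix): a parameter parser that returns the raw byte count it consumed separately from the unquoted value, so the empty quoted `name=""` above advances by exactly two bytes and any RFC 2047 decoding, done on the copied value, can never feed back into the advance.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical parser, not Exim's mime.c. Parses one "name=value" MIME
 * parameter at p; the value may be a token or an RFC 2045 quoted-string
 * (including the empty "" and backslash quoted-pairs). The unquoted value
 * is copied to out. Returns the number of RAW bytes consumed, which is the
 * only safe amount to advance by; any RFC 2047 decoding must be done on
 * the copy in out so a decoded length never feeds the advance. -1 on error. */
static long parse_param(const char *p, char *name, size_t nsz,
                        char *out, size_t osz)
{
    const char *start = p;
    size_t i = 0;
    while (*p && isspace((unsigned char)*p)) p++;      /* also folding WSP */
    for (; *p && *p != '=' && *p != ';' && !isspace((unsigned char)*p); p++)
        if (i + 1 < nsz) name[i++] = *p;
    name[i] = '\0';
    if (i == 0 || *p != '=') return -1;
    p++;                                    /* skip '=' */
    i = 0;
    if (*p == '"') {                        /* quoted-string, may be empty */
        for (p++; *p && *p != '"'; p++) {
            if (*p == '\\' && p[1]) p++;    /* quoted-pair: keep next byte */
            if (i + 1 < osz) out[i++] = *p;
        }
        if (*p != '"') return -1;           /* unterminated quote */
        p++;                                /* consume the closing quote */
    } else {
        for (; *p && *p != ';' && !isspace((unsigned char)*p); p++)
            if (i + 1 < osz) out[i++] = *p;
    }
    out[i] = '\0';
    return (long)(p - start);
}

/* Walks every ";name=value" after the media type, advancing by the raw length.
 * Returns the count or -1 on a malformed one; last_name[32]/last_value[64] get the last pair. */
static int count_params(const char *hdr, char *last_name, char *last_value)
{
    const char *p = strchr(hdr, ';');
    int n = 0;
    while (p) {
        long used = parse_param(p + 1, last_name, 32, last_value, 64);
        if (used < 0) return -1;
        p = strchr(p + 1 + used, ';');
        n++;
    }
    return n;
}
```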