http://bugs.exim.org/show_bug.cgi?id=1558
Summary: MIME ACL crash not completely fixed
Product: Exim
Version: 4.84
Platform: All
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
AssignedTo: jgh146exb@???
ReportedBy: _@maxb.eu
CC: exim-dev@???
The MIME ACL crash in 4.84 has had an attempt to fix committed to Git, but it
is not complete.
I observe crashes still using 4.84 + 93cad488 from Git, when processing a mail
containing this MIME-part header:
Content-Type: text/html;
    charset=UTF-8;
    name=""
The quoted empty parameter is the issue.
Looking at the affected code in mime.c, it would appear that the local variable
param_value_len, used to perform pointer arithmetic to advance past the parsed
parameter, is being computed incorrectly when quotes are present.
It is also computed incorrectly if rfc2047_decode finds anything to decode, as it
is passed by reference to rfc2047_decode to be modified, but the length of the
raw undecoded string is what is needed here.
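The report's point about advancing by the raw length rather than the value length, as an added example that is not Exim's mime.c and not code from the reporter. The names parse_param_value and count_params are hypothetical, and the header string in the test is constructed from the one quoted in the report.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Exim's mime.c: parse one parameter value starting
 * at p (just after '='). The unquoted value is copied to out; the return value
 * is the number of RAW bytes consumed from p, which is what the caller must
 * use to advance. Returns (size_t)-1 on unterminated quote or overflow. */
size_t parse_param_value(const char *p, char *out, size_t outsz)
{
    const char *s = p;
    size_t n = 0;
    if (outsz == 0) return (size_t)-1;
    if (*s == '"') {
        s++;                                      /* opening quote */
        while (*s != '"') {
            if (*s == '\\' && s[1] != '\0') s++;  /* quoted-pair: skip '\' */
            if (*s == '\0' || n + 1 >= outsz) return (size_t)-1;
            out[n++] = *s++;
        }
        s++;                                      /* closing quote */
    } else {
        while (*s != '\0' && *s != ';' && *s != ' ' && *s != '\t'
               && *s != '\r' && *s != '\n') {
            if (n + 1 >= outsz) return (size_t)-1;
            out[n++] = *s++;
        }
    }
    out[n] = '\0';
    return (size_t)(s - p);                       /* raw length, quotes included */
}

/* Walk the parameters of a Content-Type header and return how many were
 * parsed, or -1 on a malformed value. */
int count_params(const char *hdr)
{
    char val[128];
    int count = 0;
    const char *p = strchr(hdr, ';');

    while (p != NULL) {
        const char *eq = strchr(p, '=');
        if (eq == NULL) break;
        size_t raw = parse_param_value(eq + 1, val, sizeof val);
        if (raw == (size_t)-1) return -1;
        count++;
        p = strchr(eq + 1 + raw, ';');            /* advance by raw length */
    }
    return count;
}
```

For name="" the value length is 0 while the raw length is 2, so a caller that advances by strlen of the value plus a fixed quote allowance, or by a length that a decoder has rewritten, lands at the wrong offset.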