search

jstedfast / gmime

A C/C++ MIME creation and parser library with support for S/MIME, PGP, and Unix mbox spools.
GNU Lesser General Public License v2.1
113 stars 36 forks source link

Parser error detection: false negative #89

Closed albrechtd closed 4 years ago

albrechtd commented 4 years ago

I noticed that for some broken messages I picked up in the wild, the new header parser introduced as fix for #78 does not emit an error message. This seems to happen if the very first header of a message part is broken. E.g. for the following minimal example message

From: sender@some.org
To: rcpt@some.org
Content-Type: multipart/mixed; boundary=sep
Subject: POC part header false negative

--sep
Undetected broken header
Content-Type: text/plain

Part body
--sep--

the application examples/msgcheck as of version 3.2.5 detects

./test.mbx: message contains 1 RFC violations:
offset 131: [9] invalid header name, parser may skip the message or parts of it: 'Undetected broken header'

whilst the latest git (or release 3.2.6) says

./test.mbx: message looks benign

Apparently, all broken top-level (message) headers as well as all other broken part headers (i.e. except for the first one) are detected properly.

jstedfast commented 4 years ago

Thanks, I had a feeling there was a case I missed.

albrechtd commented 4 years ago

I can confirm that the latest git version fixes the issue for my test set of semi-broken messages collected in the wild. Thanks a lot for you quick fix! Best, Albrecht.