search

markov2 / perl5-Mail-Message

Processing MIME messages
http://perl.overmeer.net/CPAN
1 stars 1 forks source link

Multipart parsing erases empty preamble #18

Closed jbalazerpfpt closed 1 year ago

jbalazerpfpt commented 1 year ago

Under RFC 2046, a multipart body can have no preamble, or a preamble that is separated from the first boundary delimiter by a CRLF. The preamble can be empty, in which case there is a single blank line at the beginning of the multipart body before the first boundary delimiter. For such a message, Mail::Message::Body::Multipart::read will ignore the preamble, effectively erasing that blank line when the body is printed. Such modification of a message can cause message signature validation to fail.

This is how I would fix the bug, with a change to Mail::Box::Parser::Perl::_read_stripped_lines:

--- Perl.pm.orig        2023-08-23 21:57:17.539232700 -0700
+++ Perl.pm     2023-08-23 22:03:11.183477000 -0700
@@ -173,7 +173,13 @@
         }

         if(@$lines && $lines->[-1] =~ s/(\r?\n)\z//)
-        {   pop @$lines if @seps==1 && length($lines->[-1])==0;
+        {   # Don't pop the only line, because
+            # Mail::Message::Body::Multipart::read needs to be able to
+            # distinguish between no preamble (no lines before the first
+            # boundary delimiter) and an empty preamble (one empty line before
+            # the first boundary delimiter) to preserve an empty preamble
+            # and the EOL character that goes between it and the delimiter.
+            pop @$lines if @seps==1 && length($lines->[-1])==0 && @$lines>1;
         }
     }
     else # File without separators.

But please note that I haven't actually tested this fix on your code because we use our own optimized C implementation in Perl XS that mirrors the logic of Mail::Box::Parser::Perl::_read_stripped_lines. Incidentally, you can have our _read_stripped_lines C code if you want it, but it looks like you already have something similar in perl5-Mail-Box-Parser-C/C.xs. (And you might need the same fix there.)

empty_preamble_multipart_test_message.eml.txt

markov2 commented 1 year ago

Accepted.

I have no idea what to change in Mail::Box::Parser::C

markov2 commented 1 year ago

fixed with the release of 3.014

gregoa commented 10 months ago

This commit breaks Mail-Box's testsuite; cf. https://rt.cpan.org/Ticket/Display.html?id=150141