Closed isoftjs closed 7 years ago
The same issues appeared in the Debian BTS at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857342
Do all those winmail.dat contain wrong data?
I'll need to investigate further. When originally developing TNEF I hit cases where the specification of MS-TNEF didn't match the reality of it. Perhaps this is another case, or one where the specification has changed and TNEF assumes older behavior.
The assertion was put in place in the interest of security, of not interpreting data incorrectly which may lead to data corruption or out-of-bounds reads etc. I don't want to relax the restriction without careful checking.
After some quick googling it appears that field type #31 maybe "unicode string" (type #30 is "string"). I'll check the data files next and if that appears to be the case we'll need to add this new type and handle it (probably in all places where string is currently handled).
@isoftjs & @alteholz can the attached data file here, or from the debian project be used by me as part of my test suite? The file would be committed to the code base as an example of this problem to ensure against regressions.
There are two problems happening here. The attached data file shows the problem file.c:176: file_add_mapi_attrs: Assertion
a->type == szMAPI_STRING' failed`.
The datafile from the linked to Debian ticket is not the same failure.
The second problem was amusing. It appears that for 12+ years TNEF has had a useful function for reading in unicode strings which was not used in mapi_read_attrs (in the GUID section). That code did its own odd hacky thing which is where the problem lay.
Using the useful utility appears to be fixing the problem.
@isoftjs & @alteholz can the attached data file here, or from the debian project be used by me as part of my test suite? The file would be committed to the code base as an example of this problem to ensure against regressions.
The attachment in the winmail.dat from the gist contains just some data from /dev/urandom so i'm OK with including it in the test suite.
@isoftjs & @alteholz can the attached data file here, or from the debian project be used by me as part of my test suite? The file would be committed to the code base as an example of this problem to ensure against regressions.
The original poster allowed to use the file from the Debian BTS in the test suite as well.
@alteholz excellent. I will hopefully have time this weekend to get those tests set up and a new release created.
Since Version 1.4.13 we get assertion failures while parsing a winmail.dat containing unicode strings.
Example winmail.dat with debug output from 1.4.12 and 1.4.13: https://gist.github.com/isoftjs/e7eb450b62abbd426b055a540b3685d2
Using 1.4.12:
Using 1.4.13:
When adding szMAPI_UNICODE_STRING to the assertion the file can be parsed:
With some debug printing after the changed assertion:
At first the issue was occurring with an incoming mail (which contains some sensitive information) with another assertion failure:
Using 1.4.12:
Using 1.4.13:
Then the assertion failure from the gist above will occur (
file.c:176: file_add_mapi_attrs: Assertion a->type == szMAPI_STRING failed.
)With some debugging: