11 messages in net.sourceforge.lists.courier-users[courier-users] Re: bug report: Couri...
FromSent OnAttachments
jbac...@telcordia.comApr 5, 2001 1:43 am 
Sam VarshavchikApr 5, 2001 2:22 pm 
Leonid AndreevApr 5, 2001 4:23 pm 
Sam VarshavchikApr 5, 2001 4:30 pm 
Wolfgang KäßApr 5, 2001 4:58 pm 
Wolfgang KäßApr 5, 2001 4:58 pm 
Sam VarshavchikApr 5, 2001 6:18 pm 
Leonid AndreevApr 5, 2001 6:43 pm 
Sam VarshavchikApr 5, 2001 7:06 pm 
Wolfgang KäßApr 6, 2001 6:36 am 
Leonid AndreevApr 6, 2001 8:16 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:[courier-users] Re: bug report: Courier MIME parsing bug; 5-line patchActions...
From:Sam Varshavchik (mrs@courier-mta.com)
Date:Apr 5, 2001 6:18:13 pm
List:net.sourceforge.lists.courier-users

Leonid Andreev writes:

--=====================_93394015==_ --=====================_93394015==_.ALT

The piece of code responsible for this is in courier-0.33.0/rfc2045/rfc2045.c:

l=strlen(cb);

if (c[0] == '-' && c[1] == '-' && n >= 2+l && strncasecmp(cb, c+2, l) == 0) ^^^^^^^^^^^^^^^^^^^^^^

i.e., only the first L characters are compared, where L is the length

Absolutely correct. From RFC 2046, page 19:

==== NOTE TO IMPLEMENTORS: Boundary string comparisons must compare the boundary value with the beginning of each candidate line. An exact match of the entire candidate line is not required; it is sufficient that the boundary appear in its entirety following the CRLF. ====

In other words, if the boundary value is "xyz", then the sequence "<CR><LF>--xyz" is sufficient to identify a boundary, so a line with either "--xyz" and "--xyzfoo" will match the "xyz" boundary value.

A nested multipart MIME section that uses one boundary value that is an exact substring of an inner or an outer boundary value is invalid.

-- Sam