You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by bt...@apache.org on 2022/05/19 08:11:12 UTC
[james-mime4j] branch master updated: MIME4J-316 Parts missing in case of a specific combination of boundaries
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-mime4j.git
The following commit(s) were added to refs/heads/master by this push:
new 7e23d5e1 MIME4J-316 Parts missing in case of a specific combination of boundaries
7e23d5e1 is described below
commit 7e23d5e1cc2bd77f3e5129622472b995cd3f034e
Author: Thomas Fricker <to...@googlemail.com>
AuthorDate: Thu May 19 10:11:08 2022 +0200
MIME4J-316 Parts missing in case of a specific combination of boundaries
The problem can be reproduced by parsing a very specific email structure, where
an inner boundary matches the name of another outer boundary followed by a "-" character.
In the following example, the attached pdf file will be ignored by the parser.
Merge pull request #2 from bluemind-net/bugfix/BM-18542 (#71)
BM-18542 Fix: check for -- boundary ending
Thanks @tommix000 for the fix.
---
.../james/mime4j/io/MimeBoundaryInputStream.java | 7 ++-
.../resources/testmsgs/boundary-name-clash.msg | 36 +++++++++++++
.../resources/testmsgs/boundary-name-clash.out | 37 +++++++++++++
.../resources/testmsgs/boundary-name-clash.xml | 61 ++++++++++++++++++++++
.../testmsgs/boundary-name-clash_decoded.xml | 49 +++++++++++++++++
.../testmsgs/boundary-name-clash_decoded_1_1_1.txt | 1 +
.../testmsgs/boundary-name-clash_decoded_1_1_2.txt | 9 ++++
.../testmsgs/boundary-name-clash_decoded_1_2.bin | 4 ++
8 files changed, 202 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/apache/james/mime4j/io/MimeBoundaryInputStream.java b/core/src/main/java/org/apache/james/mime4j/io/MimeBoundaryInputStream.java
index 6eaa1edc..88cdfc08 100644
--- a/core/src/main/java/org/apache/james/mime4j/io/MimeBoundaryInputStream.java
+++ b/core/src/main/java/org/apache/james/mime4j/io/MimeBoundaryInputStream.java
@@ -244,11 +244,14 @@ public class MimeBoundaryInputStream extends LineReaderInputStream {
// Make sure the boundary is terminated with EOS
break;
} else {
- // or with a whitespace or '-' char
+ // or with a whitespace or '--'
char ch = (char)(buffer.byteAt(pos));
- if (CharsetUtil.isWhitespace(ch) || ch == '-') {
+ if (CharsetUtil.isWhitespace(ch)) {
break;
}
+ if (ch == '-' && remaining > 1 && (char)(buffer.byteAt(pos+1)) == '-') {
+ break;
+ }
}
}
off = i + boundary.length;
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash.msg b/core/src/test/resources/testmsgs/boundary-name-clash.msg
new file mode 100644
index 00000000..47580f7b
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash.msg
@@ -0,0 +1,36 @@
+Subject: test
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+ boundary="--boundary.1652331600846930886"
+
+----boundary.1652331600846930886
+Content-Type: multipart/alternative;
+ boundary="--boundary.1652331600846930886-1"
+
+----boundary.1652331600846930886-1
+Content-Type: text/plain; charset=utf-8
+
+Please see attachment for report Daily_Stats-2022-05-12-0700
+----boundary.1652331600846930886-1
+Content-Type: text/html; charset=utf-8
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en">
+ <head>
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+ </head>
+ <body>
+ <p>Please see attachment for report Daily_Stats-2022-05-12-0700.</p>
+ </body>
+</html>
+----boundary.1652331600846930886-1--
+----boundary.1652331600846930886
+Content-Type: application/pdf;
+ name="Daily_Stats-2022-05-12-0700.pdf"
+Content-Transfer-Encoding: base64
+Content-Disposition: Attachment;
+ filename="Daily_Stats-2022-05-12-0700.pdf"
+
+JVBERi0xLj4Kc3RhcnR4cmVmCjUzNjEwCiUlRU9GCg==
+
+----boundary.1652331600846930886--
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash.out b/core/src/test/resources/testmsgs/boundary-name-clash.out
new file mode 100644
index 00000000..29a71831
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash.out
@@ -0,0 +1,37 @@
+Subject: test
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+ boundary="--boundary.1652331600846930886"
+
+----boundary.1652331600846930886
+Content-Type: multipart/alternative;
+ boundary="--boundary.1652331600846930886-1"
+
+----boundary.1652331600846930886-1
+Content-Type: text/plain; charset=utf-8
+
+Please see attachment for report Daily_Stats-2022-05-12-0700
+----boundary.1652331600846930886-1
+Content-Type: text/html; charset=utf-8
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en">
+ <head>
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+ </head>
+ <body>
+ <p>Please see attachment for report Daily_Stats-2022-05-12-0700.</p>
+ </body>
+</html>
+----boundary.1652331600846930886-1--
+
+----boundary.1652331600846930886
+Content-Type: application/pdf;
+ name="Daily_Stats-2022-05-12-0700.pdf"
+Content-Transfer-Encoding: base64
+Content-Disposition: Attachment;
+ filename="Daily_Stats-2022-05-12-0700.pdf"
+
+JVBERi0xLj4Kc3RhcnR4cmVmCjUzNjEwCiUlRU9GCg==
+
+----boundary.1652331600846930886--
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash.xml b/core/src/test/resources/testmsgs/boundary-name-clash.xml
new file mode 100644
index 00000000..0a5b8059
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash.xml
@@ -0,0 +1,61 @@
+<message>
+<header>
+<field>
+Subject: test</field>
+<field>
+MIME-Version: 1.0</field>
+<field>
+Content-Type: multipart/mixed;
+ boundary="--boundary.1652331600846930886"</field>
+</header>
+<multipart>
+<body-part>
+<header>
+<field>
+Content-Type: multipart/alternative;
+ boundary="--boundary.1652331600846930886-1"</field>
+</header>
+<multipart>
+<body-part>
+<header>
+<field>
+Content-Type: text/plain; charset=utf-8</field>
+</header>
+<body>
+Please see attachment for report Daily_Stats-2022-05-12-0700</body>
+</body-part>
+<body-part>
+<header>
+<field>
+Content-Type: text/html; charset=utf-8</field>
+</header>
+<body>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en">
+ <head>
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+ </head>
+ <body>
+ <p>Please see attachment for report Daily_Stats-2022-05-12-0700.</p>
+ </body>
+</html></body>
+</body-part>
+</multipart>
+</body-part>
+<body-part>
+<header>
+<field>
+Content-Type: application/pdf;
+ name="Daily_Stats-2022-05-12-0700.pdf"</field>
+<field>
+Content-Transfer-Encoding: base64</field>
+<field>
+Content-Disposition: Attachment;
+ filename="Daily_Stats-2022-05-12-0700.pdf"</field>
+</header>
+<body>
+JVBERi0xLj4Kc3RhcnR4cmVmCjUzNjEwCiUlRU9GCg==
+</body>
+</body-part>
+</multipart>
+</message>
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash_decoded.xml b/core/src/test/resources/testmsgs/boundary-name-clash_decoded.xml
new file mode 100644
index 00000000..631493ef
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash_decoded.xml
@@ -0,0 +1,49 @@
+<message>
+<header>
+<field>
+Subject: test</field>
+<field>
+MIME-Version: 1.0</field>
+<field>
+Content-Type: multipart/mixed;
+ boundary="--boundary.1652331600846930886"</field>
+</header>
+<multipart>
+<body-part>
+<header>
+<field>
+Content-Type: multipart/alternative;
+ boundary="--boundary.1652331600846930886-1"</field>
+</header>
+<multipart>
+<body-part>
+<header>
+<field>
+Content-Type: text/plain; charset=utf-8</field>
+</header>
+<text-body name="boundary-name-clash_decoded_1_1_1.txt"/>
+</body-part>
+<body-part>
+<header>
+<field>
+Content-Type: text/html; charset=utf-8</field>
+</header>
+<text-body name="boundary-name-clash_decoded_1_1_2.txt"/>
+</body-part>
+</multipart>
+</body-part>
+<body-part>
+<header>
+<field>
+Content-Type: application/pdf;
+ name="Daily_Stats-2022-05-12-0700.pdf"</field>
+<field>
+Content-Transfer-Encoding: base64</field>
+<field>
+Content-Disposition: Attachment;
+ filename="Daily_Stats-2022-05-12-0700.pdf"</field>
+</header>
+<binary-body name="boundary-name-clash_decoded_1_2.bin"/>
+</body-part>
+</multipart>
+</message>
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_1_1.txt b/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_1_1.txt
new file mode 100644
index 00000000..40c2f0e3
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_1_1.txt
@@ -0,0 +1 @@
+Please see attachment for report Daily_Stats-2022-05-12-0700
\ No newline at end of file
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_1_2.txt b/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_1_2.txt
new file mode 100644
index 00000000..289f5ae8
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_1_2.txt
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en">
+ <head>
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+ </head>
+ <body>
+ <p>Please see attachment for report Daily_Stats-2022-05-12-0700.</p>
+ </body>
+</html>
\ No newline at end of file
diff --git a/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_2.bin b/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_2.bin
new file mode 100644
index 00000000..92008398
--- /dev/null
+++ b/core/src/test/resources/testmsgs/boundary-name-clash_decoded_1_2.bin
@@ -0,0 +1,4 @@
+%PDF-1.>
+startxref
+53610
+%%EOF
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org