• src/smblib/smbtxt.c

    From rswindell@VERT to CVS commit on Wed Aug 8 11:14:00 2018
    src/smblib smbtxt.c 1.32 1.33
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/home/rswindell/sbbs/src/smblib

    Modified Files:
    smbtxt.c
    Log Message:
    Fix potential buffer overrun in mime_getattachment() when the MIME 'content-disposition' filename parameter is not terminated with a double-
    quote or semi-colon character.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Wed Aug 8 11:23:00 2018
    src/smblib smbtxt.c 1.33 1.34
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/home/rswindell/sbbs/src/smblib

    Modified Files:
    smbtxt.c
    Log Message:
    Additional fix to mime_getattachment() - terminate the filename at the
    first white-space character encountered.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Wed Apr 10 10:18:00 2019
    src/smblib smbtxt.c 1.36 1.37
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/home/rswindell/sbbs/src/smblib

    Modified Files:
    smbtxt.c
    Log Message:
    Ammendment to previous commit: "Content-type:" is already removed from
    the string being passed around.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Wed Apr 10 23:34:00 2019
    src/smblib smbtxt.c 1.38 1.39
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/tmp/cvs-serv9792

    Modified Files:
    smbtxt.c
    Log Message:
    Fix off-by-one stack corruption introduced in rev 1.35.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thu Apr 11 00:03:00 2019
    src/smblib smbtxt.c 1.39 1.40
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/tmp/cvs-serv15459

    Modified Files:
    smbtxt.c
    Log Message:
    smb_countattachments() now works - needed a filename buffer even though we don't care about filenames.
    smb/mime_getattachment() now supports filenames with spaces in them. If we need to strip or convert to short filenames, do that in the application/script code, not in smblib.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sat Apr 27 19:23:15 2019
    src/smblib smbtxt.c 1.40 1.41
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/tmp/cvs-serv2655

    Modified Files:
    smbtxt.c
    Log Message:
    Correctly detect a "last boundary delimeter":
    --<boundary>--

    Without this change, some attachment (e.g. from gmail) would not be correctly decoded because gmail would not insert any blank lines between the end of the nested multipart/alternative part and the beginning of the attachment part: --000000000000d75a0f058779bbb2--
    --000000000000d75a12058779bbb4
    Content-Type: image/jpeg;
    name="29571163_1640947089321419_3376478908098884084_n.jpg" Content-Disposition: attachment;
    filename="29571163_1640947089321419_3376478908098884084_n.jpg" Content-Transfer-Encoding: base64

    It looks (from RFC2046) like boundary delimeters should actually be: "\r\n--<boundary>", but I'll look into that later.


    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sat May 4 12:34:43 2019
    src/smblib smbtxt.c 1.43 1.44
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/tmp/cvs-serv21721

    Modified Files:
    smbtxt.c
    Log Message:
    Constify mime_getcontent() - don't modify the text buffer as that stops subsequent parsing (e.g. fall-back to html) to fail.


    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sat May 4 12:45:39 2019
    src/smblib smbtxt.c 1.44 1.45
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/tmp/cvs-serv26237

    Modified Files:
    smbtxt.c
    Log Message:
    Support multipart/report MIME content-type, from RFC3462:
    The syntax of Multipart/Report is identical to the Multipart/Mixed content type


    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sun May 5 00:12:49 2019
    src/smblib smbtxt.c 1.45 1.46
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/home/rswindell/sbbs/src/smblib

    Modified Files:
    smbtxt.c
    Log Message:
    Added NULL pointer (strdup failure) check for good measure.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sun May 5 14:33:28 2019
    src/smblib smbtxt.c 1.46 1.47
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/tmp/cvs-serv17219

    Modified Files:
    smbtxt.c
    Log Message:
    MIME header fields are case-insensitive. <sigh>
    So replace some strstr() calls with either (new local function) strStartWith_i()
    or strcasestr(), depending.
    strStartWith_i() return length of the matched word, so no need to sprinkle about magic numeric constants everywhere. The extra calls to strlen() are worth the code clarity / reliability, methinks.
    TODO: find out if there's a way to calculate the length of string-constants at compile-time (?).


    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Tue Nov 19 09:04:55 2019
    src/smblib smbtxt.c 1.48 1.49
    Update of /cvsroot/sbbs/src/smblib
    In directory cvs:/home/rswindell/sbbs/src/smblib

    Modified Files:
    smbtxt.c
    Log Message:
    Fix bug with MIME-attachment filename parsing when the filename is not terminated with either a double-quote or a semicolon character. If not
    enclosed in quotes, terminate on the first white-space char following the filename=.



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to sbbs/master on Wed Nov 11 12:55:49 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/ad79c5916f7ccb3ea989eb8f
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Improved parsing of "charset" parameter in MIME Content-Type header.

    In Issue #177, the reported problem message header was "Content-Type: text/plain; charset=utf-8; format=flowed"
    The fact that the "charset" value was not quoted and not space delimited means the charset would have been parsed as "utf-8;", which would not provide an exact match (against "utf-8") in smb_msg_is_utf8() and thus the message body would not be considered to be utf-8 encoded.

    The solution is to terminate the "charset" parameter value at the semicolon, if it exists, and the value was not quoted.

    Also, for good measure, only search for " charset" or ";charset" to avoid false-positive parameter matches, like "notcharset".

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to sbbs/master on Wed Nov 11 15:47:42 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/6dd2aedbb8eaf5a939951bc1
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix crashing bug introduced in previous commit of this file

    Don't pass NULL to strcasestr().

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed Dec 9 20:33:34 2020
    https://gitlab.synchro.net/main/sbbs/-/commit/0c68700b9eab611daa7c0510
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Include comment headers in smb_getmsgtxt() returned buffer

    even when GETMSGTXT_PLAIN mode flag is used and the message contains a MIME-encoded plain-text portion. Obviously the GETMSGTXT_NO_HFIELDS exception still applies.

    The fixed problem was when forwarding a MIME-encoded email, the forwarding information (and user comment, if supplied) could be suppressed/lost.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed Jan 20 21:04:00 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/7b05a61321b1d432e9503924
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix new GCC warning about return type.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Fri Jan 22 20:18:32 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/d23ad38ab8face340c90f118
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix heap corruption in smb_getattachment() for blank attachments

    MSVC detected heap corruption from this function when the attachment was 0-bytes in length. Good catch.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Mar 13 14:54:21 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/3503816fa5247306ec9ef37b
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Replace sprintf() calls with safe_snprintf()

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Mar 13 14:54:21 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/6895c8daf038e7d39a2330eb
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix heap corruption of qp_decode()

    qp_decode (quoted-printable in-place decode of a string) could write 2 characters *beyond* the allocated buffer by appending "\r\n" to a string that was not quoted-printable in the first place. i.e. the contents of buf were not actually changed in the decode loop. This could result in a corrupted heap and crash of sbbs or smbutil when reading such a message.

    This change may result in a lack of CRLF appended to decoded plain text output, so we'll have to keep an eye out for that and resolve it some other way. One possibility could be to only append the CRLF if the destination pointer is sufficiently behind the source pointer.

    This solves the crash that Kirkman reported with a specific message in his "mail" base. The header for the message said it was quoted-printable encoded, but the body text was not actually encoded at all:
    OtherHeader Content-Type: text/plain; charset="iso-8859-1"
    OtherHeader MIME-Version: 1.0
    OtherHeader Content-Transfer-Encoding: quoted-printable

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Mon Apr 3 11:43:07 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/1ca7f708fe87ea825cb0e5af
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix decoding of tab-indented 'charset' of multi-part MIME text parts

    Apple Mail apparently uses tabs to indent the charset of nested MIME parts:

    e.g.
    --Apple-Mail-143B9F0C-6BB4-4C8E-869B-6DE05D6B58CE
    Content-Type: text/plain;
    <tab>charset=utf-8
    Content-Transfer-Encoding: quoted-printable

    This fixes issue #483 reported by Nelgin

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Sun May 7 18:42:12 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/6f3b22e63b6e18522be4585d
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Support non-quoted MIME Content-type boundary parameters (semicolon delimited)

    This should fix issue #559, for example:
    Content-Type: multipart/alternative;
    boundary=mk3-ebfa33c1cd454cc2b1c618f5d74b41af; charset=UTF-8

    We were assuming all boundary parameter values are quoted (apparently not
    true, see https://www.rfc-editor.org/rfc/rfc2046#section-5.1.1) - so support non-quoted boundary values which also may have a semicolon delimiter.

    Also, truncate any white-space from a boundary value (shouldn't be there per RFC2046).

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net