Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

message.c: reject to parse MIME headers with NUL byte #5205

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

message.c: reject to parse MIME headers with NUL byte #5205

wants to merge 4 commits into from
+75 −54

Conversation

rsto
Copy link
Member

@rsto rsto commented Jan 9, 2025

Before, the parse continued but set incorrect header and body offsets for the body part. This resulted in log spam noting the discrepancy between the file size and header+body offsets, as well as a bogus in-memory MIME body structure.

@rsto rsto marked this pull request as draft January 9, 2025 13:44
@rsto rsto requested a review from ksmurchison January 9, 2025 14:27
@rsto rsto marked this pull request as ready for review January 9, 2025 14:27
@rsto rsto requested review from wolfsage and elliefm January 9, 2025 14:27
wolfsage
wolfsage reviewed Jan 9, 2025
View reviewed changes
imap/message.c
@@ -4956,7 +4969,8 @@ static int body_foreach_section(struct body *body, struct message *message,
msg.len = body->header_size;
msg.offset = 0;
msg.encode = 0;
message_parse_headers(&msg, tmpbody, "text/plain", &boundaries, NULL);
message_parse_headers(&msg, tmpbody, "text/plain", &boundaries,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kinda surprised we don't care about errors in parsing here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here, we parse the headers for on an already parsed body-part here, e.g. these headers already were validated otherwise that body part wouldn't exist. We didn't check for errors previously here, because message_parse_headers didn't check for any.

It might be good to check for message_parse_headers errors here, too, but in case of errors it's a very different situation we are in: it means that an already accepted email on disk could now not be read anymore. We would need to treat this differently and I'd prefer to keep the damage radius of this change small.

elliefm
elliefm reviewed Jan 10, 2025
View reviewed changes
Copy link
Contributor

@elliefm elliefm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(couple of style nits)

imap/message.c Outdated Show resolved Hide resolved
cassandane/tiny-tests/JMAPEmail/email_import_zerobyte Outdated Show resolved Hide resolved
rsto added 4 commits January 10, 2025 09:53
@rsto
JMAPEmail: assert Email/import rejects NUL in MIME and body
a664611 
It does, but so far the test fails because of an IOERROR logged
while parsing the message.
@rsto
message.c: refactor parse_headers return value to "out" parameter
4f135ff
@rsto
message.c: reject to parse MIME headers with NUL byte
0f137e7 
Before, the parse continued but set incorrect header and
body offsets for the body part. This resulted in log spam
noting the discrepancy between the file size and header+body
offsets, as well as a bogus in-memory MIME body structure.
@rsto
message.c: log IOERROR with LOG_ERR level
f56c25f
@rsto rsto force-pushed the cyr-1302-message-c-parse-nul-mime-header branch from aeebe14 to f56c25f Compare January 10, 2025 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elliefm elliefm elliefm left review comments

@wolfsage wolfsage wolfsage left review comments

@ksmurchison ksmurchison ksmurchison approved these changes

Assignees
No one assigned
Labels
include-in-fastmail
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rsto @wolfsage @ksmurchison @elliefm