Bug #54529 for Mail-Box: mishandling a 0-length multipart preamble

Thu Feb 11 18:13:27 2010 JGMYERS [...] cpan.org - Ticket created

Subject:

mishandling a 0-length multipart preamble

The multipart parser does not distinguish between a 0-length preamble and an omitted preamble. Reading in a multipart with a 0-length preamble and then writing it out again causes the preamble to be deleted, breaking any enclosing digital signature. The attached patch contains a fix.

Subject:

Mail-Box-2.082-preamble.diff

diff -ru ./lib/Mail/Box/Parser/Perl.pm ../Mail-Box-2.082-2preamble/lib/Mail/Box/Parser/Perl.pm --- ./lib/Mail/Box/Parser/Perl.pm 2010-02-03 17:25:45.000000000 -0800 +++ ../Mail-Box-2.082-2preamble/lib/Mail/Box/Parser/Perl.pm 2010-02-04 10:14:10.000000000 -0800 @@ -170,10 +170,17 @@ push @$lines, $line; } - if(@$lines && $lines->[-1] =~ s/(\r?\n)\z//) - { $file->seek(-length($1), 1); - pop @$lines if length($lines->[-1])==0; - } + if(@$lines) + { + if ($lines->[-1] =~ s/(\r?\n)\z//) + { $file->seek(-length($1), 1); + pop @$lines if length($lines->[-1])==0; + } + } + else + { + $lines = undef; + } } else # File without separators. { $lines = ref $file eq 'Mail::Box::FastScalar' @@ -182,11 +189,11 @@ my $bodyend = $file->tell; - if($self->{MBPP_strip_gt}) + if($self->{MBPP_strip_gt} && $lines) { map { s/^\>(\>*From\s)/$1/ } @$lines; } - unless($self->{MBPP_trusted}) { s/\015$// for @$lines } + unless($self->{MBPP_trusted} || !$lines) { s/\015$// for @$lines } #warn "($bodyend, $msgend, ".@$lines, ")\n"; ($bodyend, $lines, $msgend); Only in ../Mail-Box-2.082-2preamble/lib/Mail/Box/Parser: Perl.pm~ diff -ru ./lib/Mail/Message/Body/Multipart.pm ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body/Multipart.pm --- ./lib/Mail/Message/Body/Multipart.pm 2010-02-03 17:25:44.000000000 -0800 +++ ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body/Multipart.pm 2010-02-04 10:11:08.000000000 -0800 @@ -240,7 +240,7 @@ ->read($parser, $head); $self->{MMBM_preamble} = $preamble - if defined $preamble && $preamble->nrLines > 0; + if defined $preamble; # Get the parts. @@ -265,7 +265,7 @@ ->read($parser, $head); $self->{MMBM_epilogue} = $epilogue - if defined $epilogue && $epilogue->nrLines > 0; + if defined $epilogue; my $end = defined $epilogue ? ($epilogue->fileLocation)[1] : @parts ? ($parts[-1]->fileLocation)[1] Only in ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body: Multipart.pm~

Thu Feb 11 18:18:45 2010 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #54529] mishandling a 0-length multipart preamble
Date:	Fri, 12 Feb 2010 00:17:48 +0100
To:	JGMYERS via RT <bug-Mail-Box [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* JGMYERS via RT (bug-Mail-Box@rt.cpan.org) [100211 23:13]: Show quoted text

> Thu Feb 11 18:13:27 2010: Request 54529 was acted upon. > Transaction: Ticket created by JGMYERS > Queue: Mail-Box > Subject: mishandling a 0-length multipart preamble > Broken in: 2.082 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=54529 > > > The multipart parser does not distinguish between a 0-length preamble > and an omitted preamble. Reading in a multipart with a 0-length > preamble and then writing it out again causes the preamble to be > deleted, breaking any enclosing digital signature.

If I remember well (it was a long time ago that I read the specs) the content of the preamble is totally useless and without meaning. So, probably it should not be included in the signing... On the other hand, this also eases the path to take your patch, because people cannot complain that the preamble changes. Looks a valid change. -- Thanks for your contribution, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Thu Feb 11 18:18:50 2010 The RT System itself - Status changed from 'new' to 'open'

Thu Feb 11 18:26:57 2010 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #54529] mishandling a 0-length multipart preamble
Date:	Fri, 12 Feb 2010 00:26:01 +0100
To:	JGMYERS via RT <bug-Mail-Box [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* JGMYERS via RT (bug-Mail-Box@rt.cpan.org) [100211 23:13]: Show quoted text

> Thu Feb 11 18:13:27 2010: Request 54529 was acted upon. > Transaction: Ticket created by JGMYERS > Queue: Mail-Box > Subject: mishandling a 0-length multipart preamble > Broken in: 2.082 > Severity: Normal > Owner: Nobody > Requestors: JGMYERS@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=54529 > > > The multipart parser does not distinguish between a 0-length preamble > and an omitted preamble. Reading in a multipart with a 0-length > preamble and then writing it out again causes the preamble to be > deleted, breaking any enclosing digital signature. > > The attached patch contains a fix.

The patch produces crashes in the regression tests. -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Thu Feb 11 20:36:01 2010 JGMYERS [...] cpan.org - Correspondence added

Show quoted text

> The patch produces crashes in the regression tests.

Could you be more specific? It's passing for me on 2.093 (except for 55locking/90multi which fails even without the patch). On 2.082, the harness won't run at all even without the patch due to an apparent failure to import TAP::Parser::Aggregator.

Fri Feb 26 13:03:12 2010 JGMYERS [...] cpan.org - Correspondence added

The patch needed more work in the handling of epilogues. It now handles the difference between a 0-length and an omitted epilogue and changes the default for new multiparts to have a 0-length epilogue (which is what it used to generate).

Subject:

Mail-Box-2.082-preamble.patch

diff -ru ./lib/Mail/Box/Parser/Perl.pm ../Mail-Box-2.082-2preamble/lib/Mail/Box/Parser/Perl.pm --- ./lib/Mail/Box/Parser/Perl.pm 2010-02-03 17:25:45.000000000 -0800 +++ ../Mail-Box-2.082-2preamble/lib/Mail/Box/Parser/Perl.pm 2010-02-04 10:14:10.000000000 -0800 @@ -170,10 +170,17 @@ push @$lines, $line; } - if(@$lines && $lines->[-1] =~ s/(\r?\n)\z//) - { $file->seek(-length($1), 1); - pop @$lines if length($lines->[-1])==0; - } + if(@$lines) + { + if ($lines->[-1] =~ s/(\r?\n)\z//) + { $file->seek(-length($1), 1); + pop @$lines if length($lines->[-1])==0; + } + } + else + { + $lines = undef; + } } else # File without separators. { $lines = ref $file eq 'Mail::Box::FastScalar' @@ -182,11 +189,11 @@ my $bodyend = $file->tell; - if($self->{MBPP_strip_gt}) + if($self->{MBPP_strip_gt} && $lines) { map { s/^\>(\>*From\s)/$1/ } @$lines; } - unless($self->{MBPP_trusted}) { s/\015$// for @$lines } + unless($self->{MBPP_trusted} || !$lines) { s/\015$// for @$lines } #warn "($bodyend, $msgend, ".@$lines, ")\n"; ($bodyend, $lines, $msgend); Only in ../Mail-Box-2.082-2preamble/lib/Mail/Box/Parser: Perl.pm~ diff -ru ./lib/Mail/Message/Body/Multipart.pm ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body/Multipart.pm --- ./lib/Mail/Message/Body/Multipart.pm 2010-02-03 17:25:44.000000000 -0800 +++ ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body/Multipart.pm 2010-02-25 09:21:19.000000000 -0800 @@ -44,6 +44,7 @@ if defined $preamble && ! ref $preamble; my $epilogue = $args->{epilogue}; + $epilogue = '' unless exists($args->{epilogue}); $epilogue = Mail::Message::Body->new(data => $epilogue) if defined $epilogue && ! ref $epilogue; @@ -92,7 +93,7 @@ sub nrLines() { my $self = shift; - my $nr = 1; # trailing boundary + my $nr = 0; if(my $preamble = $self->preamble) { $nr += $preamble->nrLines; @@ -104,7 +105,7 @@ $nr++ if $part->body->endsOnNewline; } - if(my $epilogue = $self->epilogue) { $nr += $epilogue->nrLines } + if(my $epilogue = $self->epilogue) { $nr += $epilogue->nrLines + 1} $nr; } @@ -112,13 +113,13 @@ { my $self = shift; my $bbytes = length($self->boundary) +4; # \n--$b\n - my $bytes = $bbytes +2; # last boundary, \n--$b--\n + my $bytes = $bbytes +1; # last boundary, \n--$b-- if(my $preamble = $self->preamble) { $bytes += $preamble->size } else { $bytes -= 1 } # no leading \n $bytes += $bbytes + $_->size foreach $self->parts('ACTIVE'); - if(my $epilogue = $self->epilogue) { $bytes += $epilogue->size } + if(my $epilogue = $self->epilogue) { $bytes += $epilogue->size + 1} $bytes; } @@ -145,9 +146,10 @@ if(!@lines) { ; } elsif($lines[-1] =~ m/\n$/) { push @lines, "\n" } else { $lines[-1] .= "\n" } - push @lines, "--$boundary--\n"; + push @lines, "--$boundary--"; my $epilogue = $self->epilogue; + $lines[-1] .= "\n" if $epilogue; push @lines, $epilogue->lines if $epilogue; wantarray ? @lines : \@lines; @@ -180,7 +182,7 @@ $part->print($out); } print $out "\n" if $count++; - print $out "--$boundary--\n"; + print $out "--$boundary--"; } else { foreach my $part ($self->parts('ACTIVE')) @@ -189,10 +191,10 @@ $part->print($out); } $out->print("\n") if $count++; - $out->print("--$boundary--\n"); + $out->print("--$boundary--"); } - if(my $epilogue = $self->epilogue) { $epilogue->print($out) } + if(my $epilogue = $self->epilogue) { $out->print("\n"); $epilogue->print($out) } $self; } @@ -240,7 +242,7 @@ ->read($parser, $head); $self->{MMBM_preamble} = $preamble - if defined $preamble && $preamble->nrLines > 0; + if defined $preamble; # Get the parts. @@ -265,10 +267,10 @@ ->read($parser, $head); $self->{MMBM_epilogue} = $epilogue - if defined $epilogue && $epilogue->nrLines > 0; + if defined $epilogue; my $end = defined $epilogue ? ($epilogue->fileLocation)[1] - : @parts ? ($parts[-1]->fileLocation)[1] + : @parts ? ($parts[-1]->body->fileLocation)[1] : defined $preamble ? ($preamble->fileLocation)[1] : $begin; Only in ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body: Multipart.pm~ diff -ru ./lib/Mail/Message/Body/Multipart.pod ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body/Multipart.pod --- ./lib/Mail/Message/Body/Multipart.pod 2010-02-03 17:25:44.000000000 -0800 +++ ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body/Multipart.pod 2010-02-25 09:24:03.000000000 -0800 @@ -85,7 +85,7 @@ description Mail::Message::Body undef disposition Mail::Message::Body undef eol Mail::Message::Body 'NATIVE' - epilogue undef + epilogue '' file Mail::Message::Body undef log Mail::Reporter 'WARNINGS' message Mail::Message::Body undef Only in ../Mail-Box-2.082-2preamble/lib/Mail/Message/Body: Multipart.pod~ Only in ../Mail-Box-2.082-2preamble/: Makefile.old Only in ../Mail-Box-2.082-2preamble/tests: msg-15830-1.txt Only in ../Mail-Box-2.082-2preamble/tests: msg-19215-1.txt Only in ./tests: msg-22165-1.txt

Thu Jun 03 03:46:41 2010 MARKOV [...] cpan.org - Correspondence added

got fixed in 2.094

Thu Jun 03 03:46:41 2010 MARKOV [...] cpan.org - Status changed from 'open' to 'resolved'