From 5167bbfe39c4e87c6aeeafce4546ca19878b4fef Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Thu, 12 Nov 2020 15:24:20 +0100
Subject: rfc2045: ensure mime boundaries end with a newline or -

---
 rfc2045.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

(limited to 'rfc2045.c')

diff --git a/rfc2045.c b/rfc2045.c
index df48d57..2e29175 100644
--- a/rfc2045.c
+++ b/rfc2045.c
@@ -114,6 +114,26 @@ blaze822_mime_parameter(char *s, char *name, char **starto, char **stopo)
 	return 1;
 }
 
+// like mymemmem but check the match is followed by \r, \n or -.
+static char *
+mymemmemnl(const char *h0, size_t k, const char *n0, size_t l)
+{
+	char *r;
+
+	while (k && (r = mymemmem(h0, k, n0, l))) {
+		if (r - h0 < (long)(k - l) &&   // check if r[l] safe to access
+		    (r[l] == '\r' || r[l] == '\n' || r[l] == '-'))
+			return r;
+		else {
+			// skip over this match
+			k -= (r - h0) + 1;
+			h0 = r + 1;
+		}
+	}
+
+	return 0;
+}
+
 int
 blaze822_multipart(struct message *msg, struct message **imsg)
 {
@@ -144,7 +164,7 @@ blaze822_multipart(struct message *msg, struct message **imsg)
 	else
 		prevpart = msg->body;
 
-	char *part = mymemmem(prevpart, msg->bodyend - prevpart, mboundary, boundarylen);
+	char *part = mymemmemnl(prevpart, msg->bodyend - prevpart, mboundary, boundarylen);
 	if (!part)
 		return 0;
 
@@ -158,7 +178,7 @@ blaze822_multipart(struct message *msg, struct message **imsg)
 	else
 		return 0;   // XXX error condition?
 
-	char *nextpart = mymemmem(part, msg->bodyend - part, mboundary, boundarylen);
+	char *nextpart = mymemmemnl(part, msg->bodyend - part, mboundary, boundarylen);
 	if (!nextpart)
 		return 0;   // XXX error condition
 	if (nextpart == part)  // invalid empty MIME part
-- 
cgit 1.4.1