[Dbmail] Buglet in mime.c?

Tue, 15 Oct 2002 03:36:21 +0200 (CEST) 

It looks like:

    if (strncasecmp((*mr)->field, fname, strlen(fname)) == 0)

in mime.c should be:

    if (strcasecmp((*mr)->field, fname) == 0)

unless there is a reason for using strncasecmp...
There are several other uses of strncasecmp throughout the code, so I am a little worried about my conclusion. If I am right, it may be worth reviewing it's use (and the use of strncmp) elsewhere. 


Some background:
================
We use IMP 3.1 to allow web browsing of our DBMail database, but the sender of all messages are displayed as 'SYNTAX-ERROR'; I have found the cause (& solution), but am not sure if it is the right solution, so would appreciate some input. 

Messages enter our DBMail database via the following route:

    postfix->antivirus->postfix->dbmail->spamd->dbmail-smtp

The actual format of the header block for most messages is something like:

    From [EMAIL PROTECTED]  Tue Oct 15 11:16:37 2002
    Received: from ...etc
    Message-ID: <[EMAIL PROTECTED]>
    Date: Tue, 15 Oct 2002 11:16:10 +1000
    To: [EMAIL PROTECTED]
    From: Philip Warner <[EMAIL PROTECTED]>
    Subject: another test
    Mime-Version: 1.0

(note the 'From pjw...' part).
The problem happens the parsing of these messages results in a bogus mime header based on the first line. In the above case the header name would be: 

    "From [EMAIL PROTECTED]  Tue Oct 15 11"
ie. everything, including spaces, up to the first colon (which is, AFAICT, correct according to RFC822).
One possibility is that we should not be storing the 'From pjw...' part, but I am not sure if that is right.
However, the code that finds mime headers, mime_findfield in mime.c, does seem to have a problem. It uses the following comparison: 

    if (strncasecmp((*mr)->field, fname, strlen(fname)) == 0)
where fname is the field being searched for (eg. 'from'). Unfortunately, this code will match *any* header that starts with 'from', which seems like a bug. It will also read past the end of buffers if fname is longer than (*mr)->field. 

Changing the above code to:

    if (strcasecmp((*mr)->field, fname) == 0)
fixed the IMAP problem for me, but I presume strncasecmp was used for a reason... 







----------------------------------------------------------------
Philip Warner                    |     __---_____
Albatross Consulting Pty. Ltd.   |----/       -  \
(A.B.N. 75 008 659 498)          |          /(@)   ______---_
Tel: (+61) 0500 83 82 81         |                 _________  \
Fax: (+61) 0500 83 82 82         |                 ___________ |
Http://www.rhyme.com.au          |                /           \|
                                 |    --________--
PGP key available upon request,  |  /
and from pgp5.ai.mit.edu:11371   |/

Reply via email to