| Summary | Incorrectly parses RFC 822 headers that have whitespace |
| Queue | Horde Framework Packages |
| Queue Version | Git master |
| Type | Bug |
| State | Resolved |
| Priority | 1. Low |
| Owners | slusarz (at) horde (dot) org |
| Requester | stuart.carnie (at) gmail (dot) com |
| Created | 04/18/2013 (4460 days ago) |
| Due | |
| Updated | 04/18/2013 (4460 days ago) |
| Assigned | 04/18/2013 (4460 days ago) |
| Resolved | 04/18/2013 (4460 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
State ⇒ Resolved
Not going to concern myself whether this is legal or not, since the
fact is that some people are sending messages this way and it doesn't
prevent us from correctly parsing the rest of the message.
commit 08976e0792c6d853b766a51f98baa393bc345239
Author: Michael M Slusarz <slusarz@horde.org>
Date: Thu Apr 18 14:44:28 2013 -0600
[mms] Fix parsing wrapped header lines that contain no atom data
(
Bug #12189).framework/Mime/lib/Horde/Mime/Headers.php | 2 +-
framework/Mime/package.xml | 12 +++++++-----
framework/Mime/test/Horde/Mime/HeadersTest.php | 8 ++++++++
.../Horde/Mime/fixtures/header_trailing_ws.txt | 6 ++++++
4 files changed, 22 insertions(+), 6 deletions(-)
http://git.horde.org/horde-git/-/commit/08976e0792c6d853b766a51f98baa393bc345239
obsoletes 2822) is the current; my apologies. In section 2.1 General
Description, it still refers to the separation as an empty line:
A message consists of header fields (collectively called "the header
section of the message") followed, optionally, by a body. The header
section is a sequence of lines of characters with special syntax as
defined in this specification. The body is simply a sequence of
characters that follows the header section and is separated from the
header section by an empty line (i.e., a line with nothing preceding
the CRLF).
Cheers,
Stu
I'll need to look into RFC 5322 to see if this is allowable. At a
minimum, this is an example of a sub-standard MUA sending these kind
of messages (it makes 0 sense to have trailing whitespace in an
unstructured header).
State ⇒ Assigned
Priority ⇒ 1. Low
Assigned to Michael Slusarz
I'll need to look into RFC 5322 to see if this is allowable. At a
minimum, this is an example of a sub-standard MUA sending these kind
of messages (it makes 0 sense to have trailing whitespace in an
unstructured header).
$val = rtrim($val, "\r\n");
Priority ⇒ 3. High
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Framework Packages
Summary ⇒ Incorrectly parses RFC 822 headers that have whitespace
Type ⇒ Bug
per section 3.1 (http://tools.ietf.org/html/rfc822#section-3.1) states
headers are separated from the body by a null line; nothing preceding
the CRLF. rtrim incorrectly strips tabs, thus skipping the remaining
headers
https://github.com/horde/horde/blob/master/framework/Mime/lib/Horde/Mime/Headers.php#L647
Example:
S*T*R*I*P*P*E*D
Message-Id: <redmine.journal-1099.20120619084107@contattadev.com>
References: <redmine.issue-263.20120605215949@contattadev.com>
Subject: [Contatta Core Framework - Feature
#263] Code - Attachments in Email<- H*E*R*E is a TAB and rest is skipped
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary=mimepart_4fe09d9362378_71323fc3637fe1b07f1
Auto-Submitted: auto-generated
X-Redmine-Issue-Id: 263
X-Redmine-Site: Redmine
X-Redmine-Issue-Assignee: mario
X-Mailer: Redmine
X-Auto-Response-Suppress: OOF
X-Redmine-Issue-Author: wkey
X-Redmine-Host: officedev.contattadev.com/redmine
X-Redmine-Project: contattazf