• src/smblib/smbtxt.c

    From Rob Swindell@VERT to Git commit to sbbs/master on Wednesday, November 11, 2020 17:55:49
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/ad79c5916f7ccb3ea989eb8f
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Improved parsing of "charset" parameter in MIME Content-Type header.

    In Issue #177, the reported problem message header was "Content-Type: text/plain; charset=utf-8; format=flowed"
    The fact that the "charset" value was not quoted and not space delimited means the charset would have been parsed as "utf-8;", which would not provide an exact match (against "utf-8") in smb_msg_is_utf8() and thus the message body would not be considered to be utf-8 encoded.

    The solution is to terminate the "charset" parameter value at the semicolon, if it exists, and the value was not quoted.

    Also, for good measure, only search for " charset" or ";charset" to avoid false-positive parameter matches, like "notcharset".

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to sbbs/master on Wednesday, November 11, 2020 20:47:42
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/6dd2aedbb8eaf5a939951bc1
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix crashing bug introduced in previous commit of this file

    Don't pass NULL to strcasestr().

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thursday, December 10, 2020 01:33:34
    https://gitlab.synchro.net/main/sbbs/-/commit/0c68700b9eab611daa7c0510
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Include comment headers in smb_getmsgtxt() returned buffer

    even when GETMSGTXT_PLAIN mode flag is used and the message contains a MIME-encoded plain-text portion. Obviously the GETMSGTXT_NO_HFIELDS exception still applies.

    The fixed problem was when forwarding a MIME-encoded email, the forwarding information (and user comment, if supplied) could be suppressed/lost.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thursday, January 21, 2021 02:04:00
    https://gitlab.synchro.net/main/sbbs/-/commit/7b05a61321b1d432e9503924
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix new GCC warning about return type.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Saturday, January 23, 2021 01:18:32
    https://gitlab.synchro.net/main/sbbs/-/commit/d23ad38ab8face340c90f118
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix heap corruption in smb_getattachment() for blank attachments

    MSVC detected heap corruption from this function when the attachment was 0-bytes in length. Good catch.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sunday, March 13, 2022 18:54:21
    https://gitlab.synchro.net/main/sbbs/-/commit/3503816fa5247306ec9ef37b
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Replace sprintf() calls with safe_snprintf()

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sunday, March 13, 2022 18:54:21
    https://gitlab.synchro.net/main/sbbs/-/commit/6895c8daf038e7d39a2330eb
    Modified Files:
    src/smblib/smbtxt.c
    Log Message:
    Fix heap corruption of qp_decode()

    qp_decode (quoted-printable in-place decode of a string) could write 2 characters *beyond* the allocated buffer by appending "\r\n" to a string that was not quoted-printable in the first place. i.e. the contents of buf were not actually changed in the decode loop. This could result in a corrupted heap and crash of sbbs or smbutil when reading such a message.

    This change may result in a lack of CRLF appended to decoded plain text output, so we'll have to keep an eye out for that and resolve it some other way. One possibility could be to only append the CRLF if the destination pointer is sufficiently behind the source pointer.

    This solves the crash that Kirkman reported with a specific message in his "mail" base. The header for the message said it was quoted-printable encoded, but the body text was not actually encoded at all:
    OtherHeader Content-Type: text/plain; charset="iso-8859-1"
    OtherHeader MIME-Version: 1.0
    OtherHeader Content-Transfer-Encoding: quoted-printable

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net