------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1558 Summary: MIME ACL crash not completely fixed Product: Exim Version: 4.84 Platform: All OS/Version: Linux Status: NEW Severity: bug Priority: medium Component: ACLs AssignedTo: [email protected] ReportedBy: [email protected] CC: [email protected] The MIME ACL crash in 4.84 has had an attempt to fix committed to Git, but it is not complete. I observe crashes still using 4.84 + 93cad488 from Git, when processing a mail containing this MIME-part header: Content-Type: text/html; charset=UTF-8; name="" The quoted empty parameter is the issue. Looking at the affected code in mime.c, it would appear that the local variable param_value_len, used to perform pointer arithmetic to advance past the parsed parameter, is being computed incorrectly when quotes are present. It is also computed incorrectly if rfc2047_decode finds anything decode, as it is passed by reference to rfc2047_decode to be modified, but the length of the raw undecoded string is what is needed here. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
