183
183
/* MIME parser state created with mime_state_alloc().
185
/* NOTE: when the end of headers is reached, mime_state_update()
186
/* may execute up to three call-backs before returning to the
187
/* caller: head_out(), head_end(), and body_out() or body_end().
188
/* As long as call-backs return no result, it is up to the
189
/* call-back routines to check if a previous call-back experienced
185
192
/* Different mail user agents treat malformed message boundary
186
193
/* strings in different ways. The Postfix MIME processor cannot
187
194
/* be bug-compatible with everything.
493
500
/* Volatile members. */
494
501
state->err_flags = 0;
502
state->body_offset = 0; /* XXX */
495
503
SET_MIME_STATE(state, MIME_STATE_PRIMARY,
496
504
MIME_CTYPE_TEXT, MIME_STYPE_PLAIN,
497
505
MIME_ENC_7BIT, MIME_ENC_7BIT);
931
939
* messages. Otherwise, treat such headers as part of the "body". Set
932
940
* the proper encoding information for the multipart prolog.
942
* XXX We parse headers inside message/* content even when the encoding
943
* is invalid (encoding != domain). With base64 we won't recognize
944
* any headers, and with quoted-printable we won't recognize MIME
945
* boundary strings, but the MIME processor will still resynchronize
946
* when it runs into the higher-level boundary string at the end of
947
* the message/* content. Although we will treat some headers as body
948
* text, we will still do a better job than if we were treating the
949
* entire message/* content as body text.
934
951
* XXX This changes state to MIME_STATE_NESTED and then outputs a body
935
952
* line, so that the body offset is not properly reset.
960
977
* Invalid input. Force output of one blank line and jump to the
961
978
* body state, leaving all other state alone.
980
* We don't break legitimate mail by inserting a blank line
981
* separator between primary headers and a non-empty body. Many
982
* MTA's don't even record the presence or absence of this
983
* separator, nor does the Milter protocol pass it on to Milter
986
* XXX We don't insert a blank line separator into attachments, to
987
* avoid breaking digital signatures. Postfix shall not do a
988
* worse mail delivery job than MTAs that can't even parse MIME.
989
* We switch to body state anyway, to avoid treating body text as
990
* header text, and mis-interpreting or truncating it. The code
991
* below for initial From_ lines is for educational purposes.
993
* Sites concerned about MIME evasion can use a MIME normalizer.
994
* Postfix has a different mission.
964
SET_CURR_STATE(state, MIME_STATE_BODY);
965
BODY_OUT(state, REC_TYPE_NORM, "", 0);
998
msg_info("garbage in %s header",
999
state->curr_state == MIME_STATE_MULTIPART ? "multipart" :
1000
state->curr_state == MIME_STATE_PRIMARY ? "primary" :
1001
state->curr_state == MIME_STATE_NESTED ? "nested" :
1003
switch (state->curr_state) {
1004
case MIME_STATE_PRIMARY:
1005
BODY_OUT(state, REC_TYPE_NORM, "", 0);
1006
SET_CURR_STATE(state, MIME_STATE_BODY);
1009
case MIME_STATE_NESTED:
1010
if (state->body_offset <= 1
1011
&& rec_type == REC_TYPE_NORM
1013
&& (strncmp(text + (*text == '>'), "From ", 5) == 0
1014
|| strncmp(text, "=46rom ", 7) == 0))
1019
SET_CURR_STATE(state, MIME_STATE_BODY);