You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Under RFC 2046, a multipart body can have no preamble, or a preamble that is separated from the first boundary delimiter by a CRLF. The preamble can be empty, in which case there is a single blank line at the beginning of the multipart body before the first boundary delimiter. For such a message, Mail::Message::Body::Multipart::read will ignore the preamble, effectively erasing that blank line when the body is printed. Such modification of a message can cause message signature validation to fail.
This is how I would fix the bug, with a change to Mail::Box::Parser::Perl::_read_stripped_lines:
--- Perl.pm.orig 2023-08-23 21:57:17.539232700 -0700
+++ Perl.pm 2023-08-23 22:03:11.183477000 -0700
@@ -173,7 +173,13 @@
}
if(@$lines && $lines->[-1] =~ s/(\r?\n)\z//)
- { pop @$lines if @seps==1 && length($lines->[-1])==0;
+ { # Don't pop the only line, because
+ # Mail::Message::Body::Multipart::read needs to be able to
+ # distinguish between no preamble (no lines before the first
+ # boundary delimiter) and an empty preamble (one empty line before
+ # the first boundary delimiter) to preserve an empty preamble
+ # and the EOL character that goes between it and the delimiter.
+ pop @$lines if @seps==1 && length($lines->[-1])==0 && @$lines>1;
}
}
else # File without separators.
But please note that I haven't actually tested this fix on your code because we use our own optimized C implementation in Perl XS that mirrors the logic of Mail::Box::Parser::Perl::_read_stripped_lines. Incidentally, you can have our _read_stripped_lines C code if you want it, but it looks like you already have something similar in perl5-Mail-Box-Parser-C/C.xs. (And you might need the same fix there.)
Under RFC 2046, a multipart body can have no preamble, or a preamble that is separated from the first boundary delimiter by a CRLF. The preamble can be empty, in which case there is a single blank line at the beginning of the multipart body before the first boundary delimiter. For such a message, Mail::Message::Body::Multipart::read will ignore the preamble, effectively erasing that blank line when the body is printed. Such modification of a message can cause message signature validation to fail.
This is how I would fix the bug, with a change to Mail::Box::Parser::Perl::_read_stripped_lines:
But please note that I haven't actually tested this fix on your code because we use our own optimized C implementation in Perl XS that mirrors the logic of Mail::Box::Parser::Perl::_read_stripped_lines. Incidentally, you can have our _read_stripped_lines C code if you want it, but it looks like you already have something similar in perl5-Mail-Box-Parser-C/C.xs. (And you might need the same fix there.)
empty_preamble_multipart_test_message.eml.txt
The text was updated successfully, but these errors were encountered: