flanker icon indicating copy to clipboard operation
flanker copied to clipboard

Published 20 hours ago verified publisher icon mailgun

Flanker barfs on malformed MIME parts

Open khamidou opened this issue 11 years ago • 1 comments

Hi,

We use flanker to parse MIME parts and I think I found a special case where the parser crashes on slightly-malformed content. I've narrowed it to the following test case:

Delivered-To: [email protected]
Date: 11 Jan 2013 18:54:26 -0000
MIME-Version: 1.0
To: <[email protected]>
Message-ID: <1357884894.S.69618.18751.f5mail-224-118.example.com>
Sender: [email protected]
Subject: Dear sir
From: "John Doe " <[email protected]>
Content-Type: multipart/mixed;
    boundary="=_e6ddd3579a993208589b263b76d66bec"

--=_e6ddd3579a993208589b263b76d66bec
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"

URGENT - HELP ME DISTRIBUTE MY $15 MILLION TO CHARITY

IN SUMMARY:- I have 15,000,000.00 (fifteen million) U.S. Dollars and I want you to assist me in distributing the money to charity organizations.

--=_e6ddd3579a993208589b263b76d66bec
Content-Transfer-Encoding: 
Content-Type: message/rfc822;
 name="ForwardedMessage"; 
Content-Disposition: inline;
 filename="ForwardedMessage"; 
--=_e6ddd3579a993208589b263b76d66bec--

I think the parser expects the Message part to be followed by \r\n which makes it crash.

I use the following program to trigger the bug:

import sys
from flanker import mime

fd = open(sys.argv[1], "r")
contents = fd.read()

parsed = mime.from_string(contents)

for mimepart in parsed.walk(with_self=parsed.content_type.is_singlepart()):
    print mimepart.headers

The traceback is:

Traceback (most recent call last):
  File "/contrib/flanker/testcase.py", line 11, in <module>
    print mimepart.headers
  File "/contrib/flanker/flanker/mime/message/part.py", line 389, in headers
    return self._container.headers
  File "/contrib/flanker/flanker/mime/message/part.py", line 42, in headers
    self._load_headers()
  File "/contrib/flanker/flanker/mime/message/part.py", line 65, in _load_headers
    self.stream.seek(self.start)
TypeError: an integer is required

I'd be happy to contribute a patch if you could point me in the right direction.

khamidou avatar Oct 07 '14 16:10 khamidou

@khamidou Can you verify the above PR fixes the issue for you as well?

grinich avatar May 11 '15 00:05 grinich