anomy-bugs

Re: Re: Sanitizer messing up embedded contents

From: Bjarni R. Einarsson (15653@xyz.molar.is)
Date: Tue 18 Jun 2002 - 11:46:34 UTC


On 2002-06-17, 12:06:35 (+0200), Peter Milesson wrote:
> Hi,
>
> I have been digging around in the perl library. This bug is caused by a
> bad QuotedPrint encoder. In CPAN, there are two Quoted printable encoders,
> and none of them work properly. Both of them strip blanks and new lines from
> the original file, thus making the attachment corrupt. I made my own version
> of the decode_qp function in MIME::QuotedPrint, and put it in place of the
> original one. It's working and no more corrupting my .pdf's and .dwg's.

I would be interested in seeing this code, and reviewing it for
inclusion in a future revision of the sanitizer. Could you send it
to me or make it available online somewhere?

> BTW, does anybody know how to post a correction to code in CPAN?

No, I would just try contacting the author or maintainer of the
module in question. There is one thing to keep in mind though - the
current code isn't strictly speaking buggy, due to ambiguities in
what exactly constitutes a "newline" on different platforms.

Basically, what works for one person under Unix (where a newline is
a single LF) will break stuff for others in Win32 (newline is CRLF)
and also for mac users (newline is CR).

This ambiguity is actually deliberate and stems from the fact that
the QP standard discusses "newlines" - not CR, LF, or combinations
thereof. A QP encoded "newline" is supposed to show up as a
"newline" on the recipients machine, even if the newline conventions
differ between the sending and receiving platform.

The real bug here is the mail client which is QP encoding binary
data - QP encoding is only appropriate for text and is actually
designed to "corrupt" binary data in exactly the way you describe.

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 15653@xyz.molar.is                -><-              http://bre.klaki.net/

Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: 15771@xyz.molar.is



hosted by molar.is