RFC 2047 encoded subject with erroneous space in the base64 part not decoded

RESOLVED FIXED in Thunderbird 66.0

Status

defect
RESOLVED FIXED
7 months ago
4 months ago

People

(Reporter: jorgk, Unassigned)

Tracking

Thunderbird 66.0

Thunderbird Tracking Flags

(thunderbird_esr6065+ fixed, thunderbird65 fixed, thunderbird66 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Reporter

Description

7 months ago
I just received a mail with this subject:
=?UTF-8?B?Q29uc2lndWUgdG9kbyBlbCBmw7p0Ym9sIGNvbiBGVVNJw5NOIGNvbiBlc3RlIG9mZX J0w7Nu?=

TB doesn't decode that at all. Removing the space I get:
Consigue todo el fútbol con FUSIÓN con este ofertón

Using my PHP decoder at http://www.jorgk.com/decode/decode.php I also get that result even with the space included. Looks like JS Mime could be a little more tolerant. Alfred?
Flags: needinfo?(infomail42)
Flags: needinfo?(infofrommozilla)

Comment 1

7 months ago
(In reply to Jorg K (GMT+2) from comment #0)
> I just received a mail with this subject:
> =?UTF-8?B?Q29uc2lndWUgdG9kbyBlbCBmw7p0Ym9sIGNvbiBGVVNJw5NOIGNvbiBlc3RlIG9mZX
> J0w7Nu?=
> 
> TB doesn't decode that at all. Removing the space I get:
> Consigue todo el fútbol con FUSIÓN con este ofertón

A space or a 'folding white space'? Dupe of Bug 1439542?

> Using my PHP decoder at http://www.jorgk.com/decode/decode.php I also get
> that result even with the space included. Looks like JS Mime could be a
> little more tolerant. Alfred?

If you are able to implement this somewhat fail-safe, I agree. But I'm afraid you'll
open the "Pandora's Box" with it.

See also Bug 1439542 comment #4

I do not want to be a spoilsport. But how far do you want to go?
Only remove one space?
Also FWS?
Several?
What about a subject like "A MIME word starts with =?UTF-8?B? and ends with ?="? }:-)
(see also Bug 756862 - But that's a completely different story.)
Flags: needinfo?(infofrommozilla)

Updated

7 months ago
Flags: needinfo?(infomail42)
Reporter

Comment 2

7 months ago
As printed in comment #0, a space in the base64, not a folding space. FWS (Folding White-Space), well, we could, and yes, several as well. But I see that |A MIME word starts with =?UTF-8?B? and ends with ?=| would cause a problem.

OK, here we go for the next error. Type this as the subject of a message:
A MIME word starts with =?UTF-8?B?andendswith?=

You get this as a subject:
=?UTF-8?Q?A_MIME_word_starts_with_jw=5e=ef=bf=bd=ef=bf=bd0?=

:-(

Comment 3

7 months ago
Another thought:
Could a SPAMer use a SPACE to hide his Subject from a Junk filter?

Comment 4

5 months ago
This allows decoding of MIME words with SPACES inside in the thread pane and in the header pane.

Unfortunately, I also see two side effects:

- Folded MIME words are viewed decoded in thread pane, but not in header pane.
I guess that's because we store them already unfolded in our database. And so they are used in the thread pane.

- We will also decode plain text headers like:
  Subject: MIME words begin with =?UTF-8?B? and end with ?=
        => MIME words begin with jw^��"

Both cases are unpleasant but relatively unlikely.
Attachment #9034556 - Flags: review?(jorgk)
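
The trade-off raised in comments 1 to 4, as an added example that is not part of this bug or the landed patch: a decoder that tolerates spaces inside a base64 encoded word, leaves plain text that merely looks like one untouched, and reports the repair so a junk filter can score it. The name `decodeSubject`, both regexes, and the validation approach (padded base64 plus strict charset decoding) are assumptions for illustration and run under Node.js.

```javascript
// Added example, not JSMime code. decodeSubject and both regexes are hypothetical.
// Matches a "B" encoded word whose payload may contain stray spaces or tabs.
const B_WORD = /=\?([^?\s]+)\?[bB]\?([A-Za-z0-9+\/= \t]*)\?=/g;
// Well-formed, padded base64 (assumption: unpadded payloads are rejected).
const VALID_B64 =
  /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;

function decodeSubject(raw) {
  const anomalies = [];
  const text = raw.replace(B_WORD, (word, charset, payload) => {
    const compact = payload.replace(/[ \t]/g, "");
    // Leave the word untouched unless it is real base64 once spaces are gone.
    if (compact === "" || !VALID_B64.test(compact)) return word;
    let decoded;
    try {
      // fatal: true throws on byte sequences invalid in the charset, so
      // prose that merely resembles base64 is not turned into garbage.
      decoded = new TextDecoder(charset, { fatal: true })
        .decode(Buffer.from(compact, "base64"));
    } catch (e) {
      return word; // unknown charset label or invalid bytes
    }
    // Record the repair so a junk filter can score it (comment 3's concern).
    if (compact !== payload) anomalies.push("whitespace-in-base64");
    return decoded;
  });
  return { text, anomalies };
}

// Inputs quoted from this bug: comment 0 (spaced payload) and comment 4 (prose).
const SPACED = "=?UTF-8?B?Q29uc2lndWUgdG9kbyBlbCBmw7p0Ym9sIGNvbiBGVVNJw5NOIGNvbiBlc3RlIG9mZX J0w7Nu?=";
const PROSE = "MIME words begin with =?UTF-8?B? and end with ?=";
console.log(decodeSubject(SPACED), decodeSubject(PROSE));
```
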
Reporter

Comment 5

5 months ago
Can you please include a test, or should I?

Comment 6

5 months ago
(In reply to Jorg K (GMT+1) from comment #5)
> Can you please include a test, or should I?

This one already fails with the patch:
https://searchfox.org/comm-central/source/mailnews/mime/jsmime/test/test_header.js#629

|627# // Some interesting headers found in the wild:
|628# // Invalid base64 text. We decide not to decode this word.

It belongs to Bug 959309. But I can't find that 'decision process' there.

Since this test produces only nonsense, I will replace it.

Comment 7

5 months ago
The same patch. Just with a test.
Attachment #9034556 - Attachment is obsolete: true
Attachment #9034556 - Flags: review?(jorgk)
Attachment #9034573 - Flags: review?(jorgk)
Reporter

Comment 8

5 months ago
Comment on attachment 9034573 [details] [diff] [review]
Allow SPACES inside of MIME words

Yes, I would have imagined test failures on the existing code base. I'm surprised that you just had to make the test more lenient and then the decoding already worked out of the box.

Strange coincidence, just today I received:
=?UTF-8?B?RGlzZnJ1dGEgZGUgbG9zIG1lam9yZXMgcGxhbmVzIGVuIHR1IGNpdWRhZCBhbCBtZW 5vciBwcmVjaW8=?=

I won't know which good SPAM offer I missed here :-(


[Triage Comment]

Attachment #9034573 - Flags: review?(jorgk)
Attachment #9034573 - Flags: review+
Attachment #9034573 - Flags: approval-comm-esr60+
Attachment #9034573 - Flags: approval-comm-beta+

Comment 9

5 months ago
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/0498136de604
Be more tolerant of spaces in base64-encoded RFC 2047 tokens. r=jorgk
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → FIXED
Reporter

Comment 10

5 months ago
(Like always) I've taken the liberty to tweak the commit message and a comment ;-)

Thanks Alfred!

Oh, another test suite to check is
mach xpcshell-test comm/mailnews/mime/test/unit/
on top of
mach xpcshell-test comm/mailnews/mime/jsmime/test
Target Milestone: --- → Thunderbird 66.0
Reporter

Updated

4 months ago
Duplicate of this bug: 1519701