Thunderbird doesn't render email (blank) if MIME boundary contains apostrophe character
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(thunderbird_esr78 affected, thunderbird91 fixed)
People
(Reporter: KaiE, Assigned: infofrommozilla)
Details
Attachments
(3 files)
If the MIME boundary of a received email contains an apostrophe character (') then Thunderbird fails to display the email contents. Instead, it shows blank space.
|
Reporter | |
Comment 1•4 years ago
|
||
According to this answer https://stackoverflow.com/questions/4656287/what-rules-apply-to-mime-boundary
the ' character is allowed in the boundary.
|
|
Reporter | |
Comment 2•4 years ago
|
||
this message fails to render
|
|
Reporter | |
Comment 3•4 years ago
|
||
almost the same message as before, just with the apostrophe removed from the boundary, this message renders
|
|
Reporter | |
Comment 4•4 years ago
|
||
The implementation for parsing the boundary line is in nsIMIMEHeaderParam::getParameterInternal (mozilla/firefox core code).
Changing component.
|
|
Reporter | |
Comment 5•4 years ago
|
||
CC'ing Alfred and Julian who worked on related code in the past.
|
Assignee | |
Comment 6•4 years ago
|
||
This looks fishy:
https://searchfox.org/comm-central/rev/2211115031808fb4a39e56ee26ec2df93e6bf3b3/mail/extensions/openpgp/content/modules/mimeVerify.jsm#208
this.boundary = hdr.boundary.replace(/['"]/g, "");
I guess this is to remove apostrophes when they are misused as quotation marks. But it also removes them inside the boundary.
Proof: If I remove the apostrophes only in the body, the mail is displayed correctly.
This is a smarter version:
https://searchfox.org/comm-central/rev/2211115031808fb4a39e56ee26ec2df93e6bf3b3/mail/extensions/openpgp/content/modules/fixExchangeMsg.jsm#245
r.boundary = r.boundary.replace(/^(['"])(.*)(['"])/, "$2");
|
|
Assignee | |
Comment 7•4 years ago
|
||
(In reply to Kai Engert (:KaiE:) from comment #1)
According to this answer https://stackoverflow.com/questions/4656287/what-rules-apply-to-mime-boundary
the ' character is allowed in the boundary.
The original reference:
https://www.rfc-editor.org/rfc/rfc2046#section-5.1.1 -> Page 21
|
|
Assignee | |
Comment 8•4 years ago
|
||
(In reply to Alfred Peters from comment #6)
This is a smarter version:
https://searchfox.org/comm-central/rev/2211115031808fb4a39e56ee26ec2df93e6bf3b3/mail/extensions/openpgp/content/modules/fixExchangeMsg.jsm#245
r.boundary = r.boundary.replace(/^(['"])(.*)(['"])/, "$2");
I have changed all three occurrences so:
.replace(/^(['"])(.*)(\1)$/, "$2");
Only tested with the debuger from the Developer Toolbox. So a trybuild would be useful.
|
|
Reporter | |
Comment 9•4 years ago
|
||
Alfred, thanks a lot for finding this code. I didn't expect the OpenPGP code to modify the boundary.
Also I didn't know that it's possible to use the \1 reference expression inside the search string of a regular expression!
That's very useful to know.
I've tested your patch with the original message I've received, and it fixes it correctly.
Thanks for your patch!
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
||
Comment 10•4 years ago
|
||
Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/3806ed03b53b
When the MIME boundary is sanitized, leave apostrophes inside alone r=kaie
|
||
Updated•4 years ago
|
|
|
||
Comment 11•4 years ago
|
||
This bug has a target milestone of 91 so I'm setting the status-thunderbird91 flag to fixed.
Description
•