Skip to content

Commit

Permalink
fix(MailMessage): double free if Content-Disposition is empty
Browse files Browse the repository at this point in the history
  • Loading branch information
@tyler92 @matejk
tyler92 authored and matejk committed Sep 13, 2024
1 parent 71a9bda commit cefab15
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 6 deletions.
12 changes: 6 additions & 6 deletions Net/src/MailMessage.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,12 @@ namespace
NameValueCollection::ConstIterator end = header.end();
bool added = false;

if (contentDisp.empty())
{
_pMsg->addContent(pPS, cte);
added = true;
}

static const auto lcContentDisposition = Poco::toLower(MailMessage::HEADER_CONTENT_DISPOSITION);

for (; it != end; ++it)
Expand All @@ -122,12 +128,6 @@ namespace
pPS->headers().set(it->first, it->second);
}

if (contentDisp.empty())
{
_pMsg->addContent(pPS, cte);
added = true;
}

if (!added) delete pPS;
}
}
Expand Down
37 changes: 37 additions & 0 deletions Net/testsuite/src/MailMessageTest.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -558,6 +558,42 @@ void MailMessageTest::testReadMultiPartMixedCaseHeaders()
}


void MailMessageTest::testReadMultiPartInvalidContentDisposition()
{
std::istringstream istr(
"Content-type: multipart/mixed; boundary=MIME_boundary_01234567\r\n"
"Date: Thu, 1 Jan 1970 00:00:00 GMT\r\n"
"From: [email protected]\r\n"
"Mime-Version: 1.0\r\n"
"Subject: Test Message\r\n"
"To: John Doe <[email protected]>\r\n"
"\r\n"
"\r\n"
"Hello World!\r\n"
"\r\n"
"--MIME_boundary_01234567\r\n"
"Content-Disposition: \r\n"
"Content-Transfer-Encoding: base64\r\n"
"Content-Type: application/octet-stream; name=sample\r\n"
"\r\n"
"VGhpcyBpcyBzb21lIGJpbmFyeSBkYXRhLiBSZWFsbHku\r\n"
"--MIME_boundary_01234567--\r\n"
);

MailMessage message;
MailInputStream mis(istr);
message.read(mis);

assertTrue (message.isMultipart());
assertTrue (message.parts().size() == 1);
assertTrue (message.get(MailMessage::HEADER_CONTENT_TYPE) == "multipart/mixed; boundary=MIME_boundary_01234567");

assertTrue (message.parts()[0].encoding == MailMessage::ContentTransferEncoding::ENCODING_BASE64);
assertTrue (message.parts()[0].disposition == MailMessage::ContentDisposition::CONTENT_INLINE);
assertTrue (message.parts()[0].pSource->headers().get(MailMessage::HEADER_CONTENT_TYPE) == "application/octet-stream; name=sample");
}


void MailMessageTest::testReadMultiPartNoFinalBoundaryFromFile()
{
std::string data(
Expand Down Expand Up @@ -758,6 +794,7 @@ CppUnit::Test* MailMessageTest::suite()
CppUnit_addTest(pSuite, MailMessageTest, testReadMultiPart);
CppUnit_addTest(pSuite, MailMessageTest, testReadMultiPartDefaultTransferEncoding);
CppUnit_addTest(pSuite, MailMessageTest, testReadMultiPartMixedCaseHeaders);
CppUnit_addTest(pSuite, MailMessageTest, testReadMultiPartInvalidContentDisposition);
CppUnit_addTest(pSuite, MailMessageTest, testReadMultiPartNoFinalBoundaryFromFile);
CppUnit_addTest(pSuite, MailMessageTest, testReadWriteMultiPart);
CppUnit_addTest(pSuite, MailMessageTest, testReadWriteMultiPartStore);
Expand Down
1 change: 1 addition & 0 deletions Net/testsuite/src/MailMessageTest.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ class MailMessageTest: public CppUnit::TestCase
void testReadMultiPartWithAttachmentNames();
void testReadMultiPartDefaultTransferEncoding();
void testReadMultiPartMixedCaseHeaders();
void testReadMultiPartInvalidContentDisposition();
void testReadMultiPartNoFinalBoundaryFromFile();
void testEncodeWord();

Expand Down

0 comments on commit cefab15

Please sign in to comment.