Re: Balsa 1.1.7 having trouble w/ mbox parsing?



> > and might i add, it's rather prone *remote exploits* by malicious
> > malformated mime messages
> 
> Yup!
> 
> I've had a few goes at writing a streaming MIME decoder in the past and
> gave up on each occasion when I contemplated how much easier the "decode
> to a file and then decode that" approach is.
> 
> Brian

I wrote a similar set of functions to read MIME parts.  It uses a recursive
algorithm to make its way through the MIME message, building a linked list
structure.  Each time it reaches a new MIME boundary, it simply calls
itself again with the new boundary, passing its current location as a
call-by-reference parameter.  I think it works pretty well, although I
haven't fed it too many malformed messages.

What kind of remote exploits do you see possible with this "streaming"
scheme?

julian




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]