Re: [evolution-patches] fix for bug #44457
- From: Jeffrey Stedfast <fejj ximian com>
- To: Not Zed <notzed ximian com>
- Cc: evolution-patches ximian com
- Subject: Re: [evolution-patches] fix for bug #44457
- Date: 11 Jun 2003 23:17:45 -0400
On Wed, 2003-06-11 at 21:12, Not Zed wrote:
> On Thu, 2003-06-12 at 07:37, Jeffrey Stedfast wrote:
> > since the mail-format.c code didn't know how to handle video/* types, it
> > had gnome-vfs sniff it. gnome-vfs told us it was text/x-troff-man and so
> > we tried to display it as text. since the content->rawtext bit was not
> > set, we assumed it was already in UTF-8 and so didn't bother to convert
> > - crash.
> >
> > the camel portion of the patch changes rawtext to just raw and makes it
> > default to TRUE so that application/octet-stream, etc parts have this
> > bit set always. the change from rawtext to raw could be undone, I mostly
> > just did it because the name "rawtext" isn't really appropriate for
> > non-textual parts.
>
> But it only has meaning for textual parts. All other parts, by
> definition, are and can only be raw. Textual parts can be un-raw if
> they're converted to utf8 - something you can't do for non-textual
> parts. So all of that should be reverted, otherwise it confuses the
> meaning of the flag.
true. perhaps a is_utf8 flag? if we continue having the logic in camel,
we need to default a flag to say that the mime-part is likely *not* in
UTF-8 format so that if we decide in the mailer to display a non-textual
part as text, the mailer can know that it needs to convert to UTF-8
before displaying.
whether the flag stays as rawtext or becomes is_utf8, or whatever is
mostly irrelevant.
>
> (and maybe another reason this logic should be moved up)
*nod*
>
> > the mailer patch fixes it so that we don't sniff a mime part unless it
> > was declared as application/octet-stream (any other mime type doesn't
> > make sense to sniff, since presumably the declared mime-type is
> > correct).
>
> I dont understand what the format/flowed text/plain check is for. If
> we're already in that bit of code, we've already decided that the text
> is plain text, or should be treated as such.
right, we've decided that a part that was not originally marked as
text/plain is to be handled as text. BUT, if the part was originally:
Content-Type: application/foo-bar; format=<blah>
the format param has a completely separate meaning from the one defined
for text/plain parts, so we should ignore it.
>
> The check for application/octet-stream seems ok.
>
> > another way (smaller patch) to fix this bug would be to make it so that
> > handle_text_plain() checked the actualy mime-type of the part and if it
> > was not text/*, then set content->rawtext to TRUE, but that seemed like
> > an ugly hack so I opted for the slightly larger fix, but which seemed
> > like the more correct fix.
>
> This doesn't make sense anyway.
>
> The part is already supposed to have been identified by then.
>
>
> The important bug is a crash in the display code anyway. A "DOS"
> attack, e.g. if someone passes such a mail with text/plain as the
> content-type, it'll still crash/abort. Displaying rubbish is a bit
> untidy, but crashing is serious.
no, it wouldn't. it would NOT crash because camel would have
appropriately set the rawtext flag and/or converted the content to UTF-8
in the first place, thus preventing the crash.
(I tested this theory, and it displays fine without a crash if we tell
the mailer that the part is rawtext)
Jeff
>
>
--
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
fejj ximian com - www.ximian.com
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]