On Friday 29 June 2007 13:26:20 Chris Frey wrote: > On Sun, Jun 24, 2007 at 06:43:07AM -0600, Brian Edginton wrote:
> I've applied the patch verbatim. There's a couple of things of note: > > One thing I noticed that was missing was a proper size check in > the new ParseHeader() member functions. You're doing a MAKE_RECORD() > without checking that there is enough data in the buffer. There > should be a check somewhere, like > > if( data.GetSize() < (offset + sizeof(MessageRecord)) ) > // not enough data > return; > > We might even want to throw an exception here actually. That is what > protocol.cc:CheckSize() does, and that is used liberally through > the parsing code. I'd recommend that. Thanks for catching that, I'll add it and send a patch. > > I don't understand why you need to subtract an hour. > > It also bothers me that we are relying so heavily on localtime > for this. I'd be very interested if we can avoid that, and use exact > time in UTC, or be able to convert it somehow. So, see my comments on time/date obfuscation below. > > > And finally, all usage of multi-byte structure fields need to be > fed through the endian conversion functions, btoh() and friends. > This seems to be missing. Noted. > > > In protostructs.h I've commented on most of the fields as I've been able > > to parse them out. There are still some fields that appear interesting, > > but most of the important data has been discovered and I hope interpreted > > correctly. > > Thanks! > > > Left on the TODO list: > > Year information from the date field - I'll set up a test configuration > > that will let me adjust the year on emails, or wait 6 months for the year > > to change - whichever comes first. > > Can you send yourself an email with a forged Date: header? > I can try sending you one if you need. I'd appreciate it. ([EMAIL PROTECTED]) My ISP massages the email and I've not configured for SMTP from home. You'd save me some time if you could send me a forged header. > > > Time is 'close' but I'm not sure that getting any finer resolution is > > worth any more effort. The way to effect this is to go to better > > resolution than 1.77. > > Pardon my timestamp-challenged brain here, but why 1.77? :-) > > This would help to document the units that timeReceived is in, etc. Okay. Comments on date/time on the BB. The 'days' portion of the date is kept in the bottom 9 bits of the date word, it is the days since 1 Jan - and 0x29 is added to it to confuse the simple minded (or it really means something, the meaning of which confuses me!). I'm pretty certain the 'year' information is encoded in the upper portion of this word. Because all time on the BB seems to be local, you'll notice the dates on the email are relative to your local time, not the TZ that the email was sent from. This seems to be true both when I receive PIN email, mail via blackberry.net or from my exchange server at work. So, having to subtract an hour maybe an artifact on my box from only having just re-installed - the output of 'then' in time.cc is one hour after midnight, Jan 01, xxxx. If you are seeing that the display of email is +1hr on your dump then I'll have a harder look. If I did anything fancier then I would have to grab the TZ from the BB and use it - what do you think? Is that necessary? The time component is seconds since 'local' midnight times (*) ~1.77, and this also appears to be some sort of BB specific encrypting. There is probably some multiplier hidden in the code but this seems close enough. -edge ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Barry-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/barry-devel
