[Dovecot] broken message header parsing (was Re: forwarded message is broken in 2.2.10 with pigeonhole-0.4.2)

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 15 Jan 2014, Axel Luttgens wrote:
I'll try with 2.2.10 as soon as possible.

I anyway had to compile 2.2.10. ;-)
No more dubious header removal.

But but but...

Tried again, but now without a leading space at the beginning of the 
"boundary=" line, i.e. with:

        Content-Type: multipart/alternative;
        boundary=20cf302234d5b8063c04efcd4318

I received this one into my mailbox:

        [...]
        Content-Type: multipart/alternative;
        Message-Id: <20140115150454.5A9E28FA2D3@ALMba.local>
        Content-Length: 357

        boundary=20cf302234d5b8063c04efcd4318
        Subject: sieve test 6

        --20cf302234d5b8063c04efcd4318
        Content-Type: text/plain; charset=ISO-8859-1

instead of:

        [...]
        Content-Type: multipart/alternative;
         boundary=20cf302234d5b8063c04efcd4318
        Subject: sieve test 5
        Message-Id: <20140115144803.1C9FB8FA17A@ALMba.local>

        --20cf302234d5b8063c04efcd4318
        Content-Type: text/plain; charset=ISO-8859-1
        [...]

So, is could well be that you really are receiving messages without the line-continuation 
character (the leading white space before "boundary=").

On the other hand, I guess the dovecot/pigeonhole behavior isn't the most 
appropriate one when facing such a malformed message...

Well, you recieve the message text:

keyword: body
keyword: body
nokeyword
keyword: body
<<empty line>>
message body

The line "nokeyword" violates RFC. I wonder why your MTA delivers the 
message at all.

Pigeonhole stops parsing headers at nokeyword, OK. One could probably 
ignore that broken line instead, but if for some reason the empty line got 
screwed, one would parse stuff nobody knows where it's from. But if 
Pigeonhole would believe nokeyword is a continueation of the previous line 
and unfold it, you open for attacks, IMHO.

The message without the leading space in the cont line should look as 
"raw"/malformed in any mail client. I think Dovecot/Pigeonhole is correct 
to stop parsing headers after seeing a malformed header line.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUtbFJnD1/YhP6VMHAQKZHggA19M+CJR8p2OeAt16a6XhxmMNrnNT//MD
iukjdeRBFBUIR3MNlSVPP0K3L5fRgdc6tUpfnAMTb6i4pbFRCR7jHHp6xpWDyCic
2M3z2xUuo/AAYDWJiWfs7WUADWDAswvXkEtY714JN63e1Pi4374uI1MxJWCZI5xO
2gsEXrkudBwRhGAlG+3q3cXYqu7AzzZq4ZIKM3L9r/BS0Nlv9uCznibHZMhu9uUI
C7rq2Gs3fNo5p95RZ30OdFRKRTn85AzBP7jKR5jW2ugN7ILxZYQC8WmQZ7nxEW6H
ShR/QigU0pcrLiLC+S/3ZO1R0aSqbC2DNV9VyVGmvLVrC/tD/SnX4Q==
=gmoU
-----END PGP SIGNATURE-----