Bug 7467

Summary: RFC 2231 section 3: Parameter Value Continuations
Product: Spamassassin Reporter: Karsten Bräckelmann <guenther>
Component: LibrariesAssignee: SpamAssassin Developer Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal CC: apache, kmcgrail
Priority: P2    
Version: 3.4 SVN branch   
Target Milestone: Undefined   
Hardware: PC   
OS: Linux   
Whiteboard:

Description Karsten Bräckelmann 2017-09-01 00:07:45 UTC 
The fix for bug 7453 was merely cosmetic, eliminating warnings from the logs. The underlying issue is that we didn't properly get the filename from the MIME headers.

M::SA::Util.pm parse_content_type() handled plain parameter values only and did not detect and join numbered sections.

Revision 1806879 implements support for MIME parameter value continuations. Not in the general case though, but specifically for the filename value, which is actually used by plugins and rules.

Sending        SpamAssassin/Util.pm
Committed revision 1806879.

As per the RFC, gaps in the sequence are not allowed. Handling them anyway prevents an easy attack to flood logs with gazillions of "uninitialized value" warnings".
Comment 1 Karsten Bräckelmann 2017-09-01 00:11:16 UTC 
Also backporting to the stable 3.4 branch. Despite the changes to Util.pm, safe enough and reasonably easy to do.

Sending        lib/Mail/SpamAssassin/Util.pm
Committed revision 1806880.
Comment 2 Kevin A. McGrail 2018-08-28 04:45:18 UTC 
Is this resolved?
Comment 3 Henrik Krohns 2021-04-12 13:52:15 UTC 
I guess it works.