From 41bd429452f45cb43110ec4699871a2cbd9c0a5e Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Mon, 30 Aug 2021 17:49:32 +0200
Subject: [PATCH] blaze822: blaze822/blaze822_mem: detect line ending before
 scanning end of header

A mail using CRLF which contained (for some reason) a LFLF pair would
be misparsed as the header was read until the LFLF.

Instead, scan for the first LF, check if it's preceded by CR,
and then search for the proper header terminator only.

Closes #212.
---
 blaze822.c             | 43 ++++++++++++++++++++++++++++++------------
 t/1701-mshow-regress.t | 29 ++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 12 deletions(-)
 create mode 100755 t/1701-mshow-regress.t

diff --git a/blaze822.c b/blaze822.c
index e55ae49..9262f6f 100644
--- a/blaze822.c
+++ b/blaze822.c
@@ -420,10 +420,19 @@ unfold_hdr(char *buf, char *end)
 	compress_hdr(l, end);
 }
 
+static int
+is_crlf(char *s, size_t len)
+{
+	char *firsteol = memchr(s, '\n', len);
+
+	return firsteol && firsteol > s && firsteol[-1] == '\r';
+}
+
 struct message *
 blaze822(char *file)
 {
 	int fd;
+	int crlf;
 	ssize_t rd;
 	char *buf;
 	ssize_t bufalloc;
@@ -466,15 +475,21 @@ blaze822(char *file)
 			close(fd);
 			return 0;
 		}
-
-		if ((end = mymemmem(buf-overlap+used, rd+overlap, "\n\n", 2))) {
-			end++;
-			break;
+		if (used == 0) {
+			crlf = is_crlf(buf, rd);
 		}
-		if ((end = mymemmem(buf-overlap+used, rd+overlap, "\r\n\r\n", 4))) {
-			end++;
-			end++;
-			break;
+
+		if (crlf) {
+			if ((end = mymemmem(buf-overlap+used, rd+overlap, "\r\n\r\n", 4))) {
+				end++;
+				end++;
+				break;
+			}
+		} else {
+			if ((end = mymemmem(buf-overlap+used, rd+overlap, "\n\n", 2))) {
+				end++;
+				break;
+			}
 		}
 
 		used += rd;
@@ -502,11 +517,15 @@ blaze822_mem(char *src, size_t len)
 	if (!mesg)
 		return 0;
 
-	if ((end = mymemmem(src, len, "\n\n", 2))) {
-		mesg->body = end+2;
-	} else if ((end = mymemmem(src, len, "\r\n\r\n", 4))) {
-		mesg->body = end+4;
+	if (is_crlf(src, len)) {
+		if ((end = mymemmem(src, len, "\r\n\r\n", 4)))
+			mesg->body = end+4;
 	} else {
+		if ((end = mymemmem(src, len, "\n\n", 2)))
+			mesg->body = end+2;
+	}
+
+	if (!end) {
 		end = src + len;
 		mesg->body = end;
 		mesg->bodyend = end;
diff --git a/t/1701-mshow-regress.t b/t/1701-mshow-regress.t
new file mode 100755
index 0000000..ffb676d
--- /dev/null
+++ b/t/1701-mshow-regress.t
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+cd ${0%/*}
+. ./lib.sh
+plan 2
+
+# Mail with \n\n and \r\n\r\n
+cr=$(printf '\r')
+cat <<EOF >tmp
+Content-Type: multipart/form-data; boundary=------------------------55a586f81559face$cr
+$cr
+--------------------------55a586f81559face$cr
+Content-Disposition: form-data; name="a"; filename="foo"$cr
+Content-Type: application/octet-stream$cr
+$cr
+foo$cr
+
+previously there are two NL$cr
+$cr
+--------------------------55a586f81559face$cr
+Content-Disposition: form-data; name="a"; filename="bar"$cr
+Content-Type: application/octet-stream$cr
+$cr
+bar$cr
+$cr
+--------------------------55a586f81559face--$cr
+EOF
+
+check 'mail has 3 attachments' 'mshow -t ./tmp | wc -l | grep 4'
+check 'mail attachment foo has size 35' 'mshow -t ./tmp | grep size=35.*name=\"foo\"'