tnef: Detect corrupted TNEF streams

ba637776 · Jared Hancock · ac42e624 · ba637776 · ba637776
Commit ba637776 authored 11 years ago by Jared Hancock
--- a/include/class.mailparse.php
+++ b/include/class.mailparse.php
@@ -46,6 +46,8 @@ class Mail_Parse {
        //Desired charset
        if($charset)
            $this->charset = $charset;
+        $this->notes = array();
    }
    function decode() {
@@ -95,10 +97,17 @@ class Mail_Parse {
        foreach ($this->struct->parts as $i=>$part) {
            if (!$part->parts && $part->ctype_primary == 'application'
                    && $part->ctype_secondary == 'ms-tnef') {
-                $tnef = new TnefStreamParser($part->body);
+                try {
-                $this->tnef = $tnef->getMessage();
+                    $tnef = new TnefStreamParser($part->body);
-                // No longer considered an attachment
+                    $this->tnef = $tnef->getMessage();
-                unset($this->struct->parts[$i]);
+                    // No longer considered an attachment
+                    unset($this->struct->parts[$i]);
+                }
+                catch (TnefException $ex) {
+                    // TNEF will remain an attachment
+                    $this->notes[] = 'TNEF parsing exception: '
+                        .$ex->getMessage();
+                }
            }
        }

--- a/include/tnef_decoder.php
+++ b/include/tnef_decoder.php
@@ -5,6 +5,11 @@
    Parser library and data objects for Microsoft TNEF (Transport Neutral
    Encapsulation Format) encoded email attachments.
+    Jared Hancock <jared@osticket.com>
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2014 osTicket
+    http://www.osticket.com
    This algorithm based on a similar project; however the original code did
    not process the HTML body of the message, nor did it properly handle the
    Microsoft Unicode encoding found in the attributes.
@@ -25,11 +30,6 @@
     * @author  Michael Slusarz <slusarz@horde.org>
     * @package Horde_Compress
-    Jared Hancock <jared@osticket.com>
-    Peter Rotich <peter@osticket.com>
-    Copyright (c)  2006-2013 osTicket
-    http://www.osticket.com
    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.
@@ -52,7 +52,14 @@ class TnefStreamReader implements Iterator {
    var $streams = array();
    var $current = true;
-    function __construct($stream) {
+    var $options = array(
+        'checksum' => true,
+    );
+    function __construct($stream, $options=array()) {
+        if (is_array($options))
+            $this->options += $options;
        $this->push($stream);
        // Read header
@@ -102,11 +109,12 @@ class TnefStreamReader implements Iterator {
        return $value;
    }
    function check($block) {
-        $bytes = unpack('*bb', $block['data']);
+        $sum = 0;
-        $sum = array_sum($bytes);
+        for ($i=0, $k=strlen($block['data']); $i < $k; $i++)
-        return $block['checksum'] == ($sum % 65535);
+            $sum += ord($block['data'][$i]);
+        if ($block['checksum'] != ($sum % 65536))
+            throw new TnefException('Corrupted block. Invalid checksum');
    }
    function next() {
@@ -122,6 +130,9 @@ class TnefStreamReader implements Iterator {
            'data' => $this->_getx($length),
            'checksum' => $this->_geti(16)
        );
+        if ($this->options['checksum'])
+            $this->check($this->current);
    }
    function current() {