Net::MailMessage::read hangs on missing final multipart boundary

[avoronkov]

Expected behavior

Poco::Net::MailMessage::read finishes when reading messages without final multipart boundary.

Actual behavior

Process stucks in infinite loop with 100% CPU consumption on reading with following strace:

read(3, "\n", 8191)                     = 1
read(3, "", 8191)                       = 0
read(3, "", 8191)                       = 0
lseek(3, -1, SEEK_CUR)                  = 7252
read(3, "\n", 8191)                     = 1
read(3, "", 8191)                       = 0
read(3, "", 8191)                       = 0
lseek(3, -1, SEEK_CUR)                  = 7252

Steps to reproduce the problem

1. Compile and run the following program:

#include "Net/MailMessage.h"
#include <fstream>

int main() {
    std::ifstream ifs("mail_example.txt");
    Poco::Net::MailMessage message;
    message.read(ifs);
    return 0;
}

with mail_example.txt containing the following:

To: user@example.org
Subject: Test parsing incomplete multipart message
X-Mailer: Microsoft Office Outlook, Build 17.551210
From: user@examle.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ec3ac6be4c8e86c0d91b89466e1f7bd7"
Date: Mon, 23 Jul 2018 14:29:45 +0200 (CEST)

Content-Transfer-Encoding: 7bit
This is a MIME encoded message.

--ec3ac6be4c8e86c0d91b89466e1f7bd7
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head> <title>Looks like outlook sends such emails sometimes</title> </head>
<body>
<div><span style="background-color: #ffffff; color: #0000ff;"><strong></strong></span></div>
</body>
</html>

POCO version

1.9.0

Compiler and version

GCC 6.3.0

Operating system and version

CentOS 7.5

Other relevant information

Root cause: MessageHeader::read incorrectly puts eof into istream which results in storing char 255 in stream.
Patch:

--- ./Net/src/MessageHeader.cpp.orig    2018-03-08 21:28:06.000000000 +0700
+++ ./Net/src/MessageHeader.cpp 2018-07-24 18:22:55.623781305 +0700
@@ -104,7 +104,9 @@
                add(name, decodeWord(value));
                ++fields;
        }
-       istr.putback(ch);
+       if (ch != eof) {
+               istr.putback(ch);
+       }
 }
 
 

P.S.

During investigation some emails with X-Mailer: Microsoft Office Outlook, Build 17.551210 which causes process hanging were found.
Maybe they were sent by Outlook (but I cannot check it).

[aleks-f]

would you mind sending a pull, with your case added as test?

[avoronkov]

I've sent a request.
I found that fix requres a bit more changes to be complete.
Also bug was reproduced only during reading from file (ifstream) and was not reproduced during reading from stringstream.
P.S. "Some checks were not successful" on pull request, I'm not sure if they are related to the changes.

[aleks-f]

CI failures do not look like they are related to this.

But, it is a bit strange that file and string streams behave differently; maybe also check good() before putback()?
@obiltschnig

[aleks-f]

not sure if related, but there is a difference between putback() pre-C++11:

If the eofbit flag is set before the call, the function fails (sets failbit and returns).

and post-C++11 behavior:

The function clears the eofbit flag, if set before the call.

[avoronkov]

Ok, I'll check issues with putback once again, maybe additional checks will be good.
P.S. sorry for late answer - was away from my PC for a week.

[avoronkov]

I checked the code/problem again and found the following:

1. Actually to fix reported problem only patch for Net/src/MultipartReader.cpp is required:

--- Net/src/MultipartReader.cpp
+++ Net/src/MultipartReader.cpp
@@ -105,6 +105,9 @@ int MultipartStreamBuf::readFromDevice(char* buffer, std::streamsize length)
        *buffer++ = (char) buf.sbumpc(); ++n;
        ch = buf.sgetc();
    }
+   if (ch == eof) {
+       _lastPart = true;
+   }
    return n;
 }
 

Since the function is called readFromDevice I suggest that it's called for files but not for streams.

2. stream::putback behaves similar for file streams and string stream but its behavior may be different on different compilers. I found that old gcc g++ compiler (4.4.7, centos 6 x64) does not clear eof-bit, while newer g++ (e.g. 4.8.5 on centos 7 x64, 6.3.0, 8.1.1) does. I tried to compile with -std=c++98 and -std=c++14 (where applicable): looks like standard flag does not change this behavior, it depends only on compiler version.
   One more thing: even if putback() clears eofbit, failbit is still set that's why stream's still not good() after putback.

So, I can rework my pull-request dropping changes in Net/src/MessageHeader.cpp since they are not required. (But you may want to leave them since putback definitely may change stream state).

What do you think about it?

[aleks-f]

yes, add this and leave the earlier checks, too