[Feature] Do not trust CTE, check base64 and qp strictly
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 30 Dec 2016 16:46:37 +0000 (16:46 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 30 Dec 2016 16:46:37 +0000 (16:46 +0000)
src/libmime/message.h
src/libmime/mime_parser.c

index c4f0e7a8eb37dffb30d335c4a185c92f9dc04293..2e0bd6bd57f95bcf297519a66b68e04ec6b42a89 100644 (file)
@@ -23,7 +23,8 @@ enum rspamd_mime_part_flags {
        RSPAMD_MIME_PART_TEXT = (1 << 0),
        RSPAMD_MIME_PART_ATTACHEMENT = (1 << 1),
        RSPAMD_MIME_PART_IMAGE = (1 << 2),
-       RSPAMD_MIME_PART_ARCHIVE = (1 << 3)
+       RSPAMD_MIME_PART_ARCHIVE = (1 << 3),
+       RSPAMD_MIME_PART_BAD_CTE = (1 << 4)
 };
 
 enum rspamd_cte {
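Review bot: `RSPAMD_MIME_PART_BAD_CTE` is added without a comment, and the name alone does not say when it is set. In mime_parser.c this commit sets it in two different situations: when no Content-Transfer-Encoding header exists, and when a declared base64 or quoted-printable encoding is contradicted by the content heuristic. A one-line comment on the enumerator would make that contract visible to code that reads the flag, for example `/* CTE header absent, or declared base64/qp did not match content */`.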
index 777ef074c3dfa63c9b0a67bad75da860b90b849c..000cc2d9294ea5920fe53c635f2b2be38a8f791f 100644 (file)
@@ -145,7 +145,7 @@ rspamd_mime_parse_cte (const gchar *in, gsize len)
        return ret;
 }
 
-static void
+static enum rspamd_cte
 rspamd_mime_part_get_cte_heuristic (struct rspamd_task *task,
                struct rspamd_mime_part *part)
 {
@@ -192,8 +192,8 @@ rspamd_mime_part_get_cte_heuristic (struct rspamd_task *task,
                ret = RSPAMD_CTE_8BIT;
        }
 
-       part->cte = ret;
        msg_debug_mime ("detected cte: %s", rspamd_cte_to_string (ret));
+       return ret;
 }
 
 static void
@@ -209,7 +209,8 @@ rspamd_mime_part_get_cte (struct rspamd_task *task, struct rspamd_mime_part *par
                        "Content-Transfer-Encoding", FALSE);
 
        if (hdrs == NULL) {
-               rspamd_mime_part_get_cte_heuristic (task, part);
+               part->cte = rspamd_mime_part_get_cte_heuristic (task, part);
+               part->flags |= RSPAMD_MIME_PART_BAD_CTE;
        }
        else {
                for (i = 0; i < hdrs->len; i ++) {
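Review bot: Setting `RSPAMD_MIME_PART_BAD_CTE` in the `hdrs == NULL` branch marks every part that simply omits Content-Transfer-Encoding, which RFC 2045 allows (the default is 7bit), so the flag no longer distinguishes a missing header from a contradicted one. The later hunk is inconsistent with this: when headers are present but none parses, the `part->cte == RSPAMD_CTE_UNKNOWN` branch falls back to the heuristic without setting the flag. If the flag is meant to feed scoring, consider setting it only on a real mismatch, or adding `part->flags |= RSPAMD_MIME_PART_BAD_CTE;` to the unknown-value branch as well. The function body starts before and continues past this hunk.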
@@ -221,15 +222,27 @@ rspamd_mime_part_get_cte (struct rspamd_task *task, struct rspamd_mime_part *par
                        cte = rspamd_mime_parse_cte (hdr->value, hlen);
 
                        if (cte != RSPAMD_CTE_UNKNOWN) {
+                               part->cte = cte;
                                break;
                        }
                }
 
-               if (cte == RSPAMD_CTE_UNKNOWN) {
-                       rspamd_mime_part_get_cte_heuristic (task, part);
+               if (part->cte == RSPAMD_CTE_UNKNOWN) {
+                       part->cte = rspamd_mime_part_get_cte_heuristic (task, part);
+               }
+               else if (part->cte == RSPAMD_CTE_B64 || part->cte == RSPAMD_CTE_QP) {
+                       /* Additionally check sanity */
+                       cte = rspamd_mime_part_get_cte_heuristic (task, part);
+
+                       if (cte != part->cte) {
+                               msg_info_task ("incorrect cte specified for part: %s, %s detected",
+                                               rspamd_cte_to_string (part->cte),
+                                               rspamd_cte_to_string (cte));
+                               part->cte = cte;
+                               part->flags |= RSPAMD_MIME_PART_BAD_CTE;
+                       }
                }
                else {
-                       part->cte = cte;
                        msg_debug_mime ("processed cte: %s", rspamd_cte_to_string (cte));
                }
        }
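Review bot: The new test `if (part->cte == RSPAMD_CTE_UNKNOWN)` depends on `part->cte` already holding `RSPAMD_CTE_UNKNOWN` on entry, because this function now writes it only inside the loop when a header parses; the old code tested the local `cte` instead. Nothing in the hunk establishes that initial value, so if the part was not initialised to it, or the function runs twice on one part, a stale encoding would be kept or re-checked. Adding `part->cte = RSPAMD_CTE_UNKNOWN;` before the loop makes the branch independent of the caller. Separately, once the mismatch branch runs `part->cte = cte;` the declared encoding is lost, so later stages cannot tell what the sender's header claimed; keeping it in a separate field may be worthwhile if rules need it. The function starts outside this hunk.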