Mailing List Archive: ripMIME: general

ripmime header offset.

Index | Next | Previous | View Threaded

mdeshpande at netd

Apr 7, 2006, 12:13 AM

Post #1 of 3 (4973 views)
Permalink

ripmime header offset.

Hello All,
Has anybody used the -e option in ripmime ,which dumps headers in a mail
pack into another file ? IF so in case you have a nested multipart , the
headers printed include a boundary line .Why is this boundary line being
printed as a header line ?

More basic question is , how does ripmime , last attachment in a
multipart ? the last attachment always ends as "---xyz--" BS_cmp
function doesnt distinguish b/w "---xyz" and "---xyz--" .

Please help , i am hard pressed for time . I am attaching a testmessage
over which u can run ripmime to see what i am saying.

Regards,
Manoj

Attachments:

testmessage.txt (5.38 KB)

pldaniels at pldaniels

Apr 7, 2006, 1:54 AM

Post #2 of 3 (4656 views)
Permalink

Re: ripmime header offset. [In reply to]

Manoj,

I am sorry, for I am very busy too at the moment. I will try to answer quickly.

> headers printed include a boundary line .Why is this boundary line being
> printed as a header line ?

Because the boundary line is not part of the actual MIME data/body, I chose to set it as a header line.
ripMIME writes these header lines to the header file for the following reasons

1) It allows you to see the "nesting" of the MIME headers
2) It separates the various header segments in the file (else you'd have a file that contains one continuous
stream of headers with no distinct break.

> multipart ? the last attachment always ends as "---xyz--" BS_cmp
> function doesnt distinguish b/w "---xyz" and "---xyz--" .

Correct, BS_cmp() doesn't distinguish between them because it does a partial match.

Unless someone can quote me from a RFC document, I have never found a statement that strictly required the
presense of the leading -- or trailing -- on the boundary lines. Because of the lack of strict requirements, it's
technically safer for me to ignore those indicators as they may otherwise be used to mislead a decoder into
interpreting the MIME contents as something else (ie, becomes an exploit).

Regards.

--
PLDaniels Software - http://pldaniels.com - Email content filtering
R/C Gear Shop - http://nqrc.com
PGP Public Key at http://www.pldaniels.com/gpg-keys.pld
A.B.N. 19 500 721 806
_______________________________________________
Ripmime-general mailing list
Ripmime-general [at] pldaniels
http://pldaniels.com/mailman/listinfo/ripmime-general

mdeshpande at netd

Apr 7, 2006, 2:18 AM

Post #3 of 3 (4671 views)
Permalink

Re: ripmime header offset. [In reply to]

Paul L Daniels wrote:

>Manoj,
>
> I am sorry, for I am very busy too at the moment. I will try to answer quickly.
>
>
>
>>headers printed include a boundary line .Why is this boundary line being
>>printed as a header line ?
>>
>>
>
> Because the boundary line is not part of the actual MIME data/body, I chose to set it as a header line.
>ripMIME writes these header lines to the header file for the following reasons
>
> 1) It allows you to see the "nesting" of the MIME headers
> 2) It separates the various header segments in the file (else you'd have a file that contains one continuous
>stream of headers with no distinct break.
>
>
Pual , understood your point , i had suspected this . However can i in
any way get offset of first real header ,such as
"content-type=text/plain" in headers you print .Or if i can offset of
attachment start data , can i subtract some number so i can reach the
first real header (not boundary ).
Worst case will be to take the offset of header as the starting point of
boundary ,and then grep for "content-type" or any of the usual headers ?
Is this a viable solution ? Thanks for taking your time off to answer my
question i am really thankful ,thanks

>
>
>>multipart ? the last attachment always ends as "---xyz--" BS_cmp
>>function doesnt distinguish b/w "---xyz" and "---xyz--" .
>>
>>
>
> Correct, BS_cmp() doesn't distinguish between them because it does a partial match.
>
> Unless someone can quote me from a RFC document, I have never found a statement that strictly required the
>presense of the leading -- or trailing -- on the boundary lines. Because of the lack of strict requirements, it's
>technically safer for me to ignore those indicators as they may otherwise be used to mislead a decoder into
>interpreting the MIME contents as something else (ie, becomes an exploit).
>
>Regards.
>
>
>

_______________________________________________
Ripmime-general mailing list
Ripmime-general [at] pldaniels
http://pldaniels.com/mailman/listinfo/ripmime-general

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads