
bugs when decoding tampered signed message


	SFL will get a core dump when decoding some tampered signed messages. To
perform the test, you should generate a single part message first. Open it
with a text editor, find the base64 encoded body, and modify the first 'M'
to 'N', or anything else. Now you can try to decode this tampered mail.
	This will cause the mimetest program to core dump. I checked the
core, and put the backtrace info at the end of the mail. The bug occurs
when it tries to create a buffer for the ContentInfoMsg. A core dump is not
good behavior; I would prefer an exception or a return code. Please check
this problem when you have time.
	Thanks very much.

(gdb) bt
#0  CSM_Buffer::Length (this=0x0) at c++/sm_buffer.cpp:149
#1  0xdfdd43e0 in CSM_Buffer::Get (this=0x0, l=@0x8046a1c) at c++/sm_buffer.cpp:393
#2  0xdfdd4908 in CSM_Buffer::ReSet (this=0x8242828, b=<incomplete type>)
    at c++/sm_buffer.cpp:492
#3  0xdfdd37bf in CSM_Buffer::CSM_Buffer (this=0x8242828, b=<incomplete type>)
    at c++/sm_buffer.cpp:115
#4  0x8143fe1 in CSM_ContentInfoMsg::CSM_ContentInfoMsg () at ../include/sm_Report.h:303
#5  0x80b37cf in SM_mimeSinglePart (lpszSDCfgFileName=0x0, pCsmime=0x82354e8, 
    CIData=<incomplete type>, lpszContentFile=0x8046d08 "./tuzi/aaa.eml.cnt", output_flag=1)
    at sm_mimeTest.cpp:1125
#6  0x80aee3a in sm_mimeDecode_Basicmessage (msg=0x8240ef0, 
    lpszINFileName=0x8047324 "./tuzi/aaa.eml", pCsmime=0x82354e8) at sm_mimeTest.cpp:201
#7  0x80ae72f in sm_mimeDecode (lpszINFileName=0x8047324 "./tuzi/aaa.eml", 
    lpszSDCfgFileName=0x8047228 "./tuzi/tuziSMIME.cfg", pCsmime=0x82354e8, output_flag=1, 
    verify_flag=1) at sm_mimeTest.cpp:135
#8  0x80ba462 in SM_AutoHiFunction (pszTestFile=0x8047aad "mimetest.cfg", pCSMIME=0x82354e8, 
    pszTestSection=0x80477c8 "auto_hi", output_flag=1, verify_flag=true, lCAPI=0)
    at sm_Autohif.cpp:517
#9  0x80b7aaa in main (argc=2, argv=0x8047958) at sm_Autohi.cpp:186
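The backtrace shows frame #0 running CSM_Buffer::Length with this=0x0, reached from CSM_Buffer::ReSet inside the CSM_ContentInfoMsg constructor: the copy is made from a buffer pointer that is null after the tampered body fails to parse. The example below is added here and is not SFL's code; GuardedBuffer, findContentInfo and decodeSignedBody are hypothetical stand-ins for that path, and the base64 sample is constructed. It models the same sequence (strict base64 decode, DER SEQUENCE check, copy from a possibly null buffer) and returns a status or throws instead of dereferencing null. If the body begins with 'M', as base64 of a DER SEQUENCE (tag 0x30) does, swapping it for 'N' makes the first decoded byte 0x34, which is why the ContentInfo lookup comes back empty.

```cpp
// Added example (not SFL's code): models the crash path in the backtrace and
// shows the guarded alternative. GuardedBuffer, findContentInfo and
// decodeSignedBody are hypothetical stand-ins; the base64 sample is constructed.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

enum DecodeStatus {
    DECODE_OK = 0,
    DECODE_BAD_BASE64 = 1,     // body is not valid base64
    DECODE_NO_CONTENTINFO = 2  // decoded DER does not start with a SEQUENCE
};

// Map one base64 alphabet character to its 6-bit value, -1 if not in the alphabet.
static int b64Value(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

// Strict base64 decoder: rejects bad length, stray characters and misplaced
// padding instead of producing partial output.
bool base64Decode(const std::string& in, std::vector<uint8_t>& out) {
    out.clear();
    if (in.empty() || in.size() % 4 != 0) return false;
    size_t pad = 0;
    while (pad < 2 && in[in.size() - 1 - pad] == '=') ++pad;
    uint32_t acc = 0;
    int bits = 0;
    for (size_t i = 0; i + pad < in.size(); ++i) {
        int v = b64Value(in[i]);      // a '=' before the tail fails here
        if (v < 0) return false;
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<uint8_t>((acc >> bits) & 0xFF));
            acc &= (1u << bits) - 1;  // keep only the unconsumed low bits
        }
    }
    return true;
}

// Minimal stand-in for a buffer class whose copy takes a source pointer.
class GuardedBuffer {
public:
    GuardedBuffer() {}
    explicit GuardedBuffer(const std::vector<uint8_t>& d) : data_(d) {}
    // The unguarded form would call src->Length() with src == NULL, which is
    // frame #0 of the backtrace. Here a null source is a reportable error.
    void ReSet(const GuardedBuffer* src) {
        if (src == NULL) throw std::invalid_argument("ReSet: null source buffer");
        data_ = src->data_;
    }
    size_t Length() const { return data_.size(); }
private:
    std::vector<uint8_t> data_;
};

// Hypothetical parse step: hands back the ContentInfo buffer, or null when the
// DER does not open with a SEQUENCE tag (0x30). Changing the leading base64
// 'M' to 'N' turns that first byte into 0x34, so tampered input ends up here.
std::unique_ptr<GuardedBuffer> findContentInfo(const std::vector<uint8_t>& der) {
    if (der.empty() || der[0] != 0x30) return std::unique_ptr<GuardedBuffer>();
    return std::unique_ptr<GuardedBuffer>(new GuardedBuffer(der));
}

// Decode a base64 body into `out`, returning a status instead of crashing.
DecodeStatus decodeSignedBody(const std::string& body, GuardedBuffer& out) {
    std::vector<uint8_t> der;
    if (!base64Decode(body, der)) return DECODE_BAD_BASE64;
    std::unique_ptr<GuardedBuffer> ci = findContentInfo(der);
    try {
        out.ReSet(ci.get());          // ci.get() is null for tampered input
    } catch (const std::invalid_argument&) {
        return DECODE_NO_CONTENTINFO;
    }
    return DECODE_OK;
}

// Result helpers: first decoded byte (-1 if base64 is invalid) and the status
// code for a body.
int firstDerByte(const std::string& body) {
    std::vector<uint8_t> der;
    if (!base64Decode(body, der) || der.empty()) return -1;
    return der[0];
}
int decodeStatusOf(const std::string& body) {
    GuardedBuffer buf;
    return decodeSignedBody(body, buf);
}

// Constructed sample: DER "30 03 02 01 05" (SEQUENCE { INTEGER 5 }) encodes
// as "MAMCAQU="; the tampered copy swaps the first 'M' for 'N'.
const char* const GOOD_BODY = "MAMCAQU=";
const char* const TAMPERED_BODY = "NAMCAQU=";
```

With the guard in place the tampered sample yields DECODE_NO_CONTENTINFO from decodeSignedBody rather than a crash in the copy; the same null check would sit at the start of the real ReSet (or the CSM_Buffer copy constructor that calls it), so the caller at frame #5 gets a failure it can report.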