Parse nested multipart emails, fixes #610
This commit is contained in:
parent
e9b05e8ed7
commit
5f75e98861
3 changed files with 90 additions and 26 deletions
|
@ -6,7 +6,7 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
|
||||||
|
|
||||||
**Bug fixes + maintenance:**
|
**Bug fixes + maintenance:**
|
||||||
|
|
||||||
* Support for base64 encoded emails ([#610](https://github.com/binwiederhier/ntfy/issues/610), thanks to [@Robert-litts](https://github.com/Robert-litts))
|
* Support for base64-encoded and nested multipart emails ([#610](https://github.com/binwiederhier/ntfy/issues/610), thanks to [@Robert-litts](https://github.com/Robert-litts))
|
||||||
|
|
||||||
**Additional languages:**
|
**Additional languages:**
|
||||||
|
|
||||||
|
|
|
@ -22,9 +22,14 @@ var (
|
||||||
errInvalidAddress = errors.New("invalid address")
|
errInvalidAddress = errors.New("invalid address")
|
||||||
errInvalidTopic = errors.New("invalid topic")
|
errInvalidTopic = errors.New("invalid topic")
|
||||||
errTooManyRecipients = errors.New("too many recipients")
|
errTooManyRecipients = errors.New("too many recipients")
|
||||||
|
errMultipartNestedTooDeep = errors.New("multipart message nested too deep")
|
||||||
errUnsupportedContentType = errors.New("unsupported content type")
|
errUnsupportedContentType = errors.New("unsupported content type")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
maxMultipartDepth = 2
|
||||||
|
)
|
||||||
|
|
||||||
// smtpBackend implements SMTP server methods.
|
// smtpBackend implements SMTP server methods.
|
||||||
type smtpBackend struct {
|
type smtpBackend struct {
|
||||||
config *Config
|
config *Config
|
||||||
|
@ -121,7 +126,7 @@ func (s *smtpSession) Data(r io.Reader) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
body, err := readMailBody(msg)
|
body, err := readMailBody(msg.Body, msg.Header)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -203,36 +208,42 @@ func (s *smtpSession) withFailCount(fn func() error) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func readMailBody(msg *mail.Message) (string, error) {
|
func readMailBody(body io.Reader, header mail.Header) (string, error) {
|
||||||
if msg.Header.Get("Content-Type") == "" {
|
if header.Get("Content-Type") == "" {
|
||||||
return readPlainTextMailBody(msg.Body, msg.Header.Get("Content-Transfer-Encoding"))
|
return readPlainTextMailBody(body, header.Get("Content-Transfer-Encoding"))
|
||||||
}
|
}
|
||||||
contentType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
|
contentType, params, err := mime.ParseMediaType(header.Get("Content-Type"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
if strings.ToLower(contentType) == "text/plain" {
|
if strings.ToLower(contentType) == "text/plain" {
|
||||||
return readPlainTextMailBody(msg.Body, msg.Header.Get("Content-Transfer-Encoding"))
|
return readPlainTextMailBody(body, header.Get("Content-Transfer-Encoding"))
|
||||||
} else if strings.HasPrefix(strings.ToLower(contentType), "multipart/") {
|
} else if strings.HasPrefix(strings.ToLower(contentType), "multipart/") {
|
||||||
return readMultipartMailBody(msg, params)
|
return readMultipartMailBody(body, params, 0)
|
||||||
}
|
}
|
||||||
return "", errUnsupportedContentType
|
return "", errUnsupportedContentType
|
||||||
}
|
}
|
||||||
|
|
||||||
func readMultipartMailBody(msg *mail.Message, params map[string]string) (string, error) {
|
func readMultipartMailBody(body io.Reader, params map[string]string, depth int) (string, error) {
|
||||||
mr := multipart.NewReader(msg.Body, params["boundary"])
|
if depth >= maxMultipartDepth {
|
||||||
|
return "", errMultipartNestedTooDeep
|
||||||
|
}
|
||||||
|
mr := multipart.NewReader(body, params["boundary"])
|
||||||
for {
|
for {
|
||||||
part, err := mr.NextPart()
|
part, err := mr.NextPart()
|
||||||
if err != nil { // may be io.EOF
|
if err != nil { // may be io.EOF
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
partContentType, _, err := mime.ParseMediaType(part.Header.Get("Content-Type"))
|
partContentType, partParams, err := mime.ParseMediaType(part.Header.Get("Content-Type"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
} else if strings.ToLower(partContentType) != "text/plain" {
|
|
||||||
continue
|
|
||||||
}
|
}
|
||||||
return readPlainTextMailBody(part, part.Header.Get("Content-Transfer-Encoding"))
|
if strings.ToLower(partContentType) == "text/plain" {
|
||||||
|
return readPlainTextMailBody(part, part.Header.Get("Content-Transfer-Encoding"))
|
||||||
|
} else if strings.HasPrefix(strings.ToLower(partContentType), "multipart/") {
|
||||||
|
return readMultipartMailBody(part, partParams, depth+1)
|
||||||
|
}
|
||||||
|
// Continue with next part
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -390,10 +390,8 @@ L0VOIj4KClRoaXMgaXMgYSB0ZXN0IG1lc3NhZ2UgZnJvbSBUcnVlTkFTIENPUkUuCg==
|
||||||
writeAndReadUntilLine(t, email, c, scanner, "250 2.0.0 OK: queued")
|
writeAndReadUntilLine(t, email, c, scanner, "250 2.0.0 OK: queued")
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
func TestSmtpBackend_NestedMultipartBase64(t *testing.T) {
|
||||||
func TestSmtpBackend_NestedMultipartBase64(t *testing.T) {
|
email := `EHLO example.com
|
||||||
email := `EHLO example.com
|
|
||||||
|
|
||||||
MAIL FROM: test@mydomain.me
|
MAIL FROM: test@mydomain.me
|
||||||
RCPT TO: ntfy-mytopic@ntfy.sh
|
RCPT TO: ntfy-mytopic@ntfy.sh
|
||||||
DATA
|
DATA
|
||||||
|
@ -431,14 +429,69 @@ L0VOIj4KClRoaXMgaXMgYSB0ZXN0IG1lc3NhZ2UgZnJvbSBUcnVlTkFTIENPUkUuCg==
|
||||||
.
|
.
|
||||||
`
|
`
|
||||||
|
|
||||||
s, c, _, scanner := newTestSMTPServer(t, func(w http.ResponseWriter, r *http.Request) {
|
s, c, _, scanner := newTestSMTPServer(t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
t.Fatal("This should not be called")
|
require.Equal(t, "/mytopic", r.URL.Path)
|
||||||
})
|
require.Equal(t, "TrueNAS truenas.local: TrueNAS Test Message hostname: truenas.local", r.Header.Get("Title"))
|
||||||
defer s.Close()
|
require.Equal(t, "This is a test message from TrueNAS CORE.", readAll(t, r.Body))
|
||||||
defer c.Close()
|
})
|
||||||
writeAndReadUntilLine(t, email, c, scanner, "451 4.0.0 invalid address")
|
defer s.Close()
|
||||||
}
|
defer c.Close()
|
||||||
*/
|
writeAndReadUntilLine(t, email, c, scanner, "250 2.0.0 OK: queued")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestSmtpBackend_NestedMultipartTooDeep(t *testing.T) {
|
||||||
|
email := `EHLO example.com
|
||||||
|
MAIL FROM: test@mydomain.me
|
||||||
|
RCPT TO: ntfy-mytopic@ntfy.sh
|
||||||
|
DATA
|
||||||
|
Content-Type: multipart/mixed; boundary="===============1=="
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Subject: TrueNAS truenas.local: TrueNAS Test Message hostname: truenas.local
|
||||||
|
From: =?utf-8?q?Robbie?= <test@mydomain.me>
|
||||||
|
To: test@mydomain.me
|
||||||
|
Date: Thu, 16 Feb 2023 01:04:00 -0000
|
||||||
|
Message-ID: <truenas-20230216.010400.344514.b'8jfL'@truenas.local>
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--===============1==
|
||||||
|
Content-Type: multipart/alternative; boundary="===============2=="
|
||||||
|
MIME-Version: 1.0
|
||||||
|
|
||||||
|
--===============2==
|
||||||
|
Content-Type: multipart/alternative; boundary="===============3=="
|
||||||
|
MIME-Version: 1.0
|
||||||
|
|
||||||
|
--===============3==
|
||||||
|
Content-Type: text/plain; charset="utf-8"
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Transfer-Encoding: base64
|
||||||
|
|
||||||
|
VGhpcyBpcyBhIHRlc3QgbWVzc2FnZSBmcm9tIFRydWVOQVMgQ09SRS4=
|
||||||
|
|
||||||
|
--===============3==
|
||||||
|
Content-Type: text/html; charset="utf-8"
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Transfer-Encoding: base64
|
||||||
|
|
||||||
|
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
|
||||||
|
L0VOIj4KClRoaXMgaXMgYSB0ZXN0IG1lc3NhZ2UgZnJvbSBUcnVlTkFTIENPUkUuCg==
|
||||||
|
|
||||||
|
--===============3==--
|
||||||
|
|
||||||
|
--===============2==--
|
||||||
|
|
||||||
|
--===============1==--
|
||||||
|
.
|
||||||
|
`
|
||||||
|
|
||||||
|
s, c, _, scanner := newTestSMTPServer(t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
t.Fatal("This should not be called")
|
||||||
|
})
|
||||||
|
defer s.Close()
|
||||||
|
defer c.Close()
|
||||||
|
writeAndReadUntilLine(t, email, c, scanner, "554 5.0.0 Error: transaction failed, blame it on the weather: multipart message nested too deep")
|
||||||
|
}
|
||||||
|
|
||||||
type smtpHandlerFunc func(http.ResponseWriter, *http.Request)
|
type smtpHandlerFunc func(http.ResponseWriter, *http.Request)
|
||||||
|
|
||||||
func newTestSMTPServer(t *testing.T, handler smtpHandlerFunc) (s *smtp.Server, c net.Conn, conf *Config, scanner *bufio.Scanner) {
|
func newTestSMTPServer(t *testing.T, handler smtpHandlerFunc) (s *smtp.Server, c net.Conn, conf *Config, scanner *bufio.Scanner) {
|
||||||
|
|
Loading…
Reference in a new issue