RFR: 2637: Decoding emails from quoted-printable is broken
Erik Joelsson
erikj at openjdk.org
Fri Dec 12 23:56:24 UTC 2025
On Fri, 12 Dec 2025 23:11:38 GMT, Zhao Song <zsong at openjdk.org> wrote:
>> email/src/main/java/org/openjdk/skara/email/Email.java line 148:
>>
>>> 146: }
>>> 147: default : {
>>> 148: out[j++] = (byte) Integer.parseInt("" + (char) in[i++] + (char) in[i], 16);
>>
>> There is no boundary check here, so it always assumes there are two digits following the "=". I don't know if it's possible for mailman server to return malformed data, but if it happens, the bot will endlessly process the malformed input.
>
> Oh, I was wrong, the exception will be catched at Mbox#splitMbox(), so the bot won't process the malformed data endlessly.
Hm, not sure what's better, ignoring the email or trying our best to handle a malformed encoding. We don't even log the issue. Should probably do that at least in Mbox#splitMbox.
-------------
PR Review Comment: https://git.openjdk.org/skara/pull/1747#discussion_r2615871120
More information about the skara-dev
mailing list