Header decoding issue.

[akissa]

go-message seems to suffer an issue which was previously discovered in perl Mail::Header module.
https://rt.cpan.org/Public/Bug/Display.html?id=113464

The issue involves crafted messages that are usually used to transmit malware bypassing content
scanners.

The header looks like this

--Apple-Mail=_13B14614-BE73-1755-BFC6-C42D9D44027D
Content-Disposition: inline; filename="04EBD_xxxx.xxxx_A546BB.zip"
Content-Type: application/x-rar-compressed; x-unix-mode=0600;
name="04EBD_xxxx.xxxx_A546BB.zip"
Content-Transfer-Encoding: base64

go-message fails to parse this returning unexpected EOF

[akissa]

@emersion Here is my attempt at getting a more tolerant reader, any issues you see with it
https://github.com/emersion/go-message/compare/master...baruwa-enterprise:add-tolerant-reader?expand=1

It adds a new reader leaving the existing one intact to prevent breakage to existing users.

[emersion]

The error message could be improved, but I don't think it's desirable to have this workaround upstream.

[akissa]

@emersion This is not simply fixing an error message. This fixes messages that otherwise would not be parsed at all.

[emersion]

Yes. I'd rather not parse these broken messages.

[iredmail]

If the message cannot be parsed, better give the caller a detailed error message for easy understanding. Otherwise it’s pretty confusing and may cause some more time to figure it out.

[emersion]

Yeah. I agree the error message should be more descriptive.