[20434] in bugtraq


Re: SECURITY.NNOV: The Bat! bug

daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Wed Apr 25 12:24:33 2001

MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Message-ID:  <200104250944.VAA27681@fep3-orange.clear.net.nz>
Date:         Wed, 25 Apr 2001 21:42:34 +1300
Reply-To: nick@virus-l.demon.co.uk
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200104241026.f3OAQYWa007419@leija.fmi.fi>

hurtta+z3@leija.mh.fmi.fi wrote:

> > I was reminded of this again recently because a Notes user on another
> > list complained that a list "control" message they sent was bounced.
> > That list processor reads its commands from the Subject: line and
> > it turned out that the combination of Notes client and Notes SMTP
> > gateway happily sent a non-standards compliant message, failing to
> > put the required blank line at the end of the message header block.
> > It was the SMTP server on the list processor machine, not the list
> > processor, that rejected the message, and it did so because it was
> > not a valid message according to the standards (a message can have a
> > null body but the header block ends with the first blank line).
>
> Well,
>
> Actually message standards (or RFC 822 actually) does not require that blank line,
> if the message does not have a body.
>
> Note that grammar is:
>
>      message     =  fields *( CRLF *text )       ; Everything after
>                                                  ;  first null line
>                                                  ;  is message body
> Therefore
>
>     message     =  fields
>
> is also valid (ie, without that CRLF.)

So it is.

On re-reading RFC822 I guess I've always (incorrectly) based my
interpretation on the textual description, for example:

     3.1.  GENERAL DESCRIPTION

          A message consists of header fields and, optionally, a body.
     The  body  is simply a sequence of lines containing ASCII charac-
     ters.  It is separated from the headers by a null line  (i.e.,  a
     line with nothing preceding the CRLF).

And:

     B.2.  SEMANTICS

          Headers occur before the message body and are terminated  by
     a null line (i.e., two contiguous CRLFs).

And note the comment in your quote above:

     ; Everything after
     ;  first null line
     ;  is message body

(This comment is repeated later in Appendix D too.)

> I'm afraid that Notes is correct here....

Yes -- a pity the drafters of those RFCs wrote them so ambiguously
and I've always preferred words to formulae (diagrams are good
though...).


Regards,

Nick FitzGerald
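
The two readings discussed in this message, as an added Python example that is not part of the original post: one splitter follows the quoted grammar, the other follows the prose of sections 3.1 and B.2. The function names and sample messages are constructed for illustration, and the field pattern is a simplification of RFC 822.

```python
import re

# One header field, simplified from RFC 822: field-name ":" field-body CRLF,
# where the body may be folded onto continuation lines (CRLF + space/tab).
# Assumption: the required-field rules (date, source, destination) are skipped.
FIELD = re.compile(rb"[!-9;-~]+:[^\r\n]*(?:\r\n[ \t][^\r\n]*)*\r\n")

def split_by_grammar(raw: bytes):
    """message = fields *( CRLF *text ): the null line is optional."""
    pos, fields = 0, []
    while (m := FIELD.match(raw, pos)):
        fields.append(m.group())
        pos = m.end()
    if not fields:
        raise ValueError("no header fields")
    rest = raw[pos:]
    if rest == b"":
        return fields, None            # "message = fields", no body at all
    if rest.startswith(b"\r\n"):
        return fields, rest[2:]        # null line, then the (possibly empty) body
    raise ValueError("malformed header line")

def split_by_prose(raw: bytes):
    """Sections 3.1 / B.2 read literally: headers end at a null line."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by a null line")
    return FIELD.findall(head + b"\r\n"), body

def accepted(parser, raw: bytes) -> bool:
    try:
        parser(raw)
        return True
    except ValueError:
        return False

# Constructed sample messages (not taken from the thread).
HEADERS = b"From: user@example.org\r\nSubject: subscribe\r\n"
NO_NULL_LINE = HEADERS                 # header block with no blank line after it
EMPTY_BODY = HEADERS + b"\r\n"
WITH_BODY = HEADERS + b"\r\nhello\r\n"

if __name__ == "__main__":
    for name in ("NO_NULL_LINE", "EMPTY_BODY", "WITH_BODY"):
        raw = globals()[name]
        print(name, accepted(split_by_grammar, raw), accepted(split_by_prose, raw))
```

Only NO_NULL_LINE separates the two readings: the grammar-based splitter returns it with a body of None, while the prose-based one rejects it.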
