X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/0590cedca75c01811972b2f694f60f24028ee973..0e2b222fc14b8f890fab644118cf0f43abbe450a:/lib/mime.c

diff --git a/lib/mime.c b/lib/mime.c
index 78a8bd3..5db7585 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -381,15 +381,19 @@ int mime_multipart(const char *s,
   int ret;
 
   /* We must start with a boundary string */
-  if(!isboundary(s, boundary, bl))
+  if(!isboundary(s, boundary, bl)) {
+    error(0, "mime_multipart: first line is not the boundary string");
     return -1;
+  }
   /* Keep going until we hit a final boundary */
   while(!isfinal(s, boundary, bl)) {
     s = strstr(s, "\r\n") + 2;
     start = s;
     while(!isboundary(s, boundary, bl)) {
-      if(!(e = strstr(s, "\r\n")))
+      if(!(e = strstr(s, "\r\n"))) {
+	error(0, "mime_multipart: line does not end CRLF");
 	return -1;
+      }
       s = e + 2;
     }
     if((ret = callback(xstrndup(start,
@@ -527,6 +531,26 @@ static int cookie_separator(int c) {
   }
 }
 
+/** @brief Match cookie value separator characters
+ *
+ * Same as cookie_separator() but allows for @c = in cookie values.
+ */
+static int cookie_value_separator(int c) {
+  switch(c) {
+  case '(':
+  case ')':
+  case ',':
+  case ';':
+  case ' ':
+  case '"':
+  case '\t':
+    return 1;
+
+  default:
+    return 0;
+  }
+}
+
 /** @brief Parse a RFC2109 Cookie: header
  * @param s Header field value
  * @param cd Where to store result
@@ -557,7 +581,7 @@ int parse_cookie(const char *s,
       return -1;
     }
     s = skipwhite(s, 0);
-    if(!(s = mime_parse_word(s, &v, cookie_separator))) {
+    if(!(s = mime_parse_word(s, &v, cookie_value_separator))) {
       error(0, "parse_cookie: cannot parse value for '%s'", n);
       return -1;
     }