Fix $mime_part_count for non-mime message on multi-message connection. Bug 2537

3 files changed, 49 insertions, 27 deletions

diff --git a/src/src/mime.c b/src/src/mime.c
index d47b56982..f1efa5c55 100644
--- a/src/src/mime.c
+++ b/src/src/mime.c
@@ -107,23 +107,23 @@ return initial_pos;
 static ssize_t
 mime_decode_asis(FILE* in, FILE* out, uschar* boundary)
 {
-  ssize_t len, size = 0;
-  uschar buffer[MIME_MAX_LINE_LENGTH];
+ssize_t len, size = 0;
+uschar buffer[MIME_MAX_LINE_LENGTH];
 
-  while(fgets(CS buffer, MIME_MAX_LINE_LENGTH, mime_stream) != NULL)
-    {
-    if (boundary != NULL
-       && Ustrncmp(buffer, "--", 2) == 0
-       && Ustrncmp((buffer+2), boundary, Ustrlen(boundary)) == 0
-       )
-      break;
+while(fgets(CS buffer, MIME_MAX_LINE_LENGTH, mime_stream) != NULL)
+  {
+  if (boundary != NULL
+     && Ustrncmp(buffer, "--", 2) == 0
+     && Ustrncmp((buffer+2), boundary, Ustrlen(boundary)) == 0
+     )
+    break;
 
-    len = Ustrlen(buffer);
-    if (fwrite(buffer, 1, (size_t)len, out) < len)
-      return -1;
-    size += len;
-    } /* while */
-  return size;
+  len = Ustrlen(buffer);
+  if (fwrite(buffer, 1, (size_t)len, out) < len)
+    return -1;
+  size += len;
+  } /* while */
+return size;
 }
 
 
@@ -399,6 +399,7 @@ return c == EOF || num_copied == 1 ? 0 : 1;
 }
 
 
+/* reset all per-part mime variables */
 static void
 mime_vars_reset(void)
 {
@@ -725,9 +726,8 @@ while(1)
   if (rc != OK) break;
 
   /* If we have a multipart entity and a boundary, go recursive */
-  if ( (mime_content_type != NULL) &&
-       (nested_context.boundary != NULL) &&
-       (Ustrncmp(mime_content_type,"multipart",9) == 0) )
+  if (  mime_content_type && nested_context.boundary 
+     && Ustrncmp(mime_content_type,"multipart",9) == 0)
     {
     DEBUG(D_acl)
       debug_printf_indent("MIME: Entering multipart recursion, boundary '%s'\n",
@@ -744,25 +744,25 @@ while(1)
     rc = mime_acl_check(acl, f, &nested_context, user_msgptr, log_msgptr);
     if (rc != OK) break;
     }
-  else if ( (mime_content_type != NULL) &&
-	  (Ustrncmp(mime_content_type,"message/rfc822",14) == 0) )
+  else if (  mime_content_type
+	  && Ustrncmp(mime_content_type,"message/rfc822",14) == 0)
     {
-    const uschar *rfc822name = NULL;
-    uschar filename[2048];
+    const uschar * rfc822name = NULL;
+    uschar * filename;
     int file_nr = 0;
     int result = 0;
 
     /* must find first free sequential filename */
-    do
+    for (gstring * g = string_get(64); result != -1; g->ptr = 0)
       {
       struct stat mystat;
-      (void)string_format(filename, 2048,
+      g = string_fmt_append(g,
 	"%s/scan/%s/__rfc822_%05u", spool_directory, message_id, file_nr++);
       /* security break */
       if (file_nr >= 128)
 	goto NO_RFC822;
-      result = stat(CS filename,&mystat);
-      } while (result != -1);
+      result = stat(CS (filename = string_from_gstring(g)), &mystat);
+      }
 
     rfc822name = filename;
 
diff --git a/src/src/receive.c b/src/src/receive.c
index 96a48fe65..6d20a5cda 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1399,6 +1399,7 @@ for (header_line * my_headerlist = header_list; my_headerlist;
     goto DO_MIME_ACL;
     }
 
+mime_part_count = -1;
 DEBUG(D_receive) debug_printf("No Content-Type: header - presumably not a MIME message.\n");
 return TRUE;
 
@@ -1756,6 +1757,13 @@ if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX;
 message_linecount = body_linecount = body_zerocount =
   max_received_linelength = 0;
 
+#ifdef WITH_CONTENT_SCAN
+/* reset non-per-part mime variables */
+mime_is_coverletter    = 0;
+mime_is_rfc822         = 0;
+mime_part_count        = -1;
+#endif
+
 #ifndef DISABLE_DKIM
 /* Call into DKIM to set up the context.  In CHUNKING mode
 we clear the dot-stuffing flag */
diff --git a/src/src/string.c b/src/src/string.c
index fbdc0246d..9f1aeb81d 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -1256,9 +1256,23 @@ g->s = s;
 
 /* Build or append to a growing-string, sprintf-style.
 
+Arguments:
+	g	a growable-string
+	func	called-from function name, for debug
+	line	called-from file line number, for debug
+	limit	maximum string size
+	flags	see below
+	format	printf-like format string
+	ap	variable-args pointer
+
+Flags:
+	SVFMT_EXTEND            buffer can be created or exteded as needed
+	SVFMT_REBUFFER          buffer can be recopied to tainted mem as needed
+	SVFMT_TAINT_NOCHK       do not check inputs for taint
+
 If the "extend" flag is true, the string passed in can be NULL,
 empty, or non-empty.  Growing is subject to an overall limit given
-by the size_limit argument.
+by the limit argument.
 
 If the "extend" flag is false, the string passed in may not be NULL,
 will not be grown, and is usable in the original place after return.