[Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7

Yesterday I happened to receive an email message with an attachment
described by these headers:

   Content-Type: application/pdf;
           name="=?iso-8859-1?Q?SEAO_-_R=E9sultats_d'ouverture_(002).pdf?="
   Content-Description: 
=?iso-8859-1?Q?SEAO_-_R=E9sultats_d'ouverture_(002).pdf?=
   Content-Disposition: attachment;
           filename="=?iso-8859-1?Q?SEAO_-_R=E9sultats_d'ouverture_(002).pdf?=";
           size=503419; creation-date="Fri, 12 Jan 2018 12:44:41 GMT"; 
           modification-date="Fri, 12 Jan 2018 12:50:33 GMT"
   Content-Transfer-Encoding: base64

My .mh_profile has these relevant entries:

   mhshow-suffix-application/PDF: .pdf
   mhshow-show-application/pdf: %pmime_helper %F %s %{name}

...where mime_helper is a shell script which opens attachments with the
relevant application when run locally, or copies attachments to a remote
desktop machine and opens them there via ssh.  I'm happy to share it if
anyone's interested, but it's not the point right now.

The point is that the attachment failed to open, with these messages:

   [ part 2 - application/pdf - 
=?iso-8859-1?Q?SEAO_-_R=E9sultats_d'ouverture_(002).pdf?= 503.5KB  ]
   /bin/sh: -c: line 0: syntax error near unexpected token `('
   /bin/sh: -c: line 0: `mime_helper '/home/smw/Mail/mhshowdVgoi7.pdf' 'pdf'  
'=?iso-8859-1?Q?SEAO_-_R=E9sultats_d'\'ouverture_(002).pdf?= "$@"'

The right fix is probably to educate people not to use such abominable
filenames :-), but meanwhile I worked around it as follows:

8<-----------------------------   cut here   ---------------------------->8
--- mhshowsbr.c.original        2017-11-17 10:01:46.000000000 -0500
+++ mhshowsbr.c 2018-01-13 16:12:53.270723183 -0500
@@ -803,7 +803,7 @@
                       char *file, char *buffer, size_t buflen,
                       int multipart) {
     int len, quoted = 0;
-    char *bp = buffer, *pp;
+    char *bp = buffer, *pp, *sp;
     CI ci = &ct->c_ctinfo;
 
     bp[0] = bp[buflen] = '\0';
@@ -975,6 +975,18 @@
                    bp++;
                    quoted = 1;
                }
+               /* Escape existing parentheses */
+               sp = pp;
+               while (*sp) {
+                   if (buflen && ((*sp == '(') || (*sp == ')'))) {
+                       len = strlen (sp);
+                       memmove (sp + 1, sp, len+1);
+                       *sp++ = '\\';
+                       buflen--;
+                       bp++;
+                   }
+                   sp++;
+               }
                /* Escape existing quotes */
                while ((pp = strchr (pp, '\'')) && buflen > 3) {
                    len = strlen (pp++);
8<-----------------------------   cut here   ---------------------------->8

I'm passing this on in case this might be considered worth adopting.

I'm not subscribed to this list, so I'd appreciate replies to my personal
address of steven.winikoff@concordia.ca

   Thanks,

     - Steven
-- 
___________________________________________________________________________
Steven Winikoff                | "Writing is easy; all you do is sit
Concordia University           |  staring at a blank sheet of paper
Montreal, QC, Canada           |  until the drops of blood form on
Steven.Winikoff@concordia.ca   |  your forehead."
                               |                           - Gene Fowler

-- 
Nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers