[Vortex] BUG: Vortex sends messages with incorrect syntax
Jens Alfke
jens at mooseyard.com
Fri May 9 19:43:55 CEST 2008

Unless I'm confused, which is possible, it looks to me as though
Vortex sends syntactically incorrect BEEP messages. RFC 3080, sec 2.2,
specifies that messages are in MIME format, and:

> Each frame consists of a header, the payload, and a trailer. The
> header and trailer are each represented using printable ASCII
> characters and are terminated with a CRLF pair. Between the header
> and the trailer is the payload, consisting of zero or more octets.

Thus, in the common case where there are no headers, the message must
begin with a CRLF. Otherwise there's no way to tell whether there are
headers or not. (Consider a message with no headers whose body begins
with "Hello: Goodbye\r\n".)

But Vortex doesn't do this. The function
vortex_frame_build_up_from_params_s (at vortex_frame_factory:384) only
appends a CRLF if there are headers.

The only reason Vortex can read its own messages is that the existing
header-parsing code is a hack that merely checks whether the message
begins with the string "Content-Type: "; if so, it assumes that's a
header and removes all the text up to the next CRLF. This has two
implications:

(1) Anyone using Vortex to send a message whose payload begins with
"Content-Type:" will find that it got mysteriously deleted on the
receiving end.

(2) Messages sent by Vortex are unreadable by any other BEEP client,
since without the leading CRLF a real MIME parser will probably reject
the message as invalid (unless the payload happens to contain two
consecutive CRLFs, in which case everything up to them will be
stripped.)

(3) Messages sent by other BEEP clients are mostly unreadable by
Vortex, unless they happen to contain nothing but a single
Content-Type: header. If they contain zero or multiple headers, Vortex
can't parse them.

It would be trivial to fix this by making
vortex_frame_build_up_from_params_s always add the CRLF before the
payload. However, doing this will break compatibility with any earlier
builds of Vortex, due to reasons 2 and 3. This could be bad news for
anyone who's deployed applications already using Vortex.

What should we do?

(Has anyone ever tested Vortex for compatibility with other BEEP
implementations?)

—Jens
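
The parsing mismatch described in the message above, as an added example that is not part of the original post and is not Vortex's code. `naive_body_offset` models the "Content-Type: " prefix check as the post describes it, and `mime_body_offset` is a strict split at the blank line; both function names, the choice to reject input with no blank line, and the sample payloads (including the `X-A` header) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of the check the post describes (not Vortex source): if the payload
 * starts with "Content-Type: ", drop everything through the next CRLF. */
size_t naive_body_offset(const char *p, size_t len)
{
    static const char tag[] = "Content-Type: ";
    size_t tl = sizeof tag - 1;

    if (len < tl || memcmp(p, tag, tl) != 0)
        return 0;                       /* assumes "no headers" */
    for (size_t i = tl; i + 1 < len; i++)
        if (p[i] == '\r' && p[i + 1] == '\n')
            return i + 2;
    return 0;
}

/* Strict MIME-style split (assumption: reject when no blank line is found).
 * Zero headers means the payload starts with CRLF; otherwise the headers end
 * at the first CRLF CRLF. Returns the body offset, or -1 if malformed. */
long mime_body_offset(const char *p, size_t len)
{
    if (len >= 2 && p[0] == '\r' && p[1] == '\n')
        return 2;
    for (size_t i = 0; i + 3 < len; i++)
        if (memcmp(p + i, "\r\n\r\n", 4) == 0)
            return (long)(i + 4);
    return -1;
}

int main(void)
{
    /* Constructed payloads, one per case discussed in the post. */
    const char *samples[] = {
        "Content-Type: x\r\nrest",          /* (1) headerless body eaten */
        "Hello: Goodbye\r\n",               /* (2) no leading CRLF */
        "a\r\n\r\nb",                       /* (2) body with CRLF CRLF */
        "\r\nhello",                        /* (3) conformant, zero headers */
        "Content-Type: text/plain\r\nX-A: 1\r\n\r\nhi", /* (3) two headers */
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        size_t n = strlen(samples[i]);
        printf("sample %zu: naive=%zu mime=%ld\n", i,
               naive_body_offset(samples[i], n), mime_body_offset(samples[i], n));
    }
    return 0;
}
```

Wherever the two offsets disagree, the two ends of a connection would disagree about where the application payload starts.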