Improved validation for Base64 and QuotedPrintable

jstedfast · jstedfast · commit 17b86632e441 · 2026-01-17T18:00:17.000-05:00
TODO: bring the UUEncodeValidator up to par.
diff --git a/MimeKit/AsyncMimeReader.cs b/MimeKit/AsyncMimeReader.cs
@@ -400,7 +400,7 @@ async Task<ScanContentResult> ScanContentAsync (ScanContentType type, long begin
 			bool midline = false;
 
 			if (DetectMimeComplianceViolations && type == ScanContentType.MimeContent && currentEncoding.HasValue)
-				validator = GetEncodingValidator (currentEncoding.Value);
+				validator = GetEncodingValidator (currentEncoding.Value, beginOffset, beginLineNumber);
 
 			do {
 				int atleast = incomplete ? Math.Max (maxBoundaryLength, (inputEnd - inputIndex) + 1) : maxBoundaryLength;
@@ -436,14 +436,7 @@ async Task<ScanContentResult> ScanContentAsync (ScanContentType type, long begin
 				}
 			} while (boundary == BoundaryType.None);
 
-			if (validator is not null && !validator.Validate ()) {
-				if (validator.Encoding == ContentEncoding.Base64)
-					OnMimeComplianceViolation (MimeComplianceViolation.InvalidBase64Content, beginOffset, beginLineNumber);
-				else if (validator.Encoding == ContentEncoding.UUEncode)
-					OnMimeComplianceViolation (MimeComplianceViolation.InvalidUUEncodedContent, beginOffset, beginLineNumber);
-				else
-					OnMimeComplianceViolation (MimeComplianceViolation.InvalidQuotedPrintableContent, beginOffset, beginLineNumber);
-			}
+			validator?.Flush ();
 
 			// FIXME: need to redesign the above loop so that we don't consume the last <CR><LF> that belongs to the boundary marker.
 			var isEmpty = contentLength == 0;
diff --git a/MimeKit/Encodings/Base64Validator.cs b/MimeKit/Encodings/Base64Validator.cs
@@ -3,7 +3,7 @@
 //
 // Author: Jeffrey Stedfast <jestedfa@microsoft.com>
 //
-// Copyright (c) 2013-2025 .NET Foundation and Contributors
+// Copyright (c) 2013-2026 .NET Foundation and Contributors
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -41,7 +41,9 @@ namespace MimeKit.Encodings {
 	/// </remarks>
 	class Base64Validator : IEncodingValidator
 	{
-		bool invalid;
+		readonly MimeReader reader;
+		long streamOffset;
+		int lineNumber;
 		int padding;
 		int octets;
 
@@ -51,8 +53,14 @@ class Base64Validator : IEncodingValidator
 		/// <remarks>
 		/// Creates a new base64 validator.
 		/// </remarks>
-		public Base64Validator ()
+		/// <param name="reader">The mime reader.</param>
+		/// <param name="streamOffset">The current stream offset.</param>
+		/// <param name="lineNumber">The current line number.</param>
+		public Base64Validator (MimeReader reader, long streamOffset, int lineNumber)
 		{
+			this.reader = reader;
+			this.streamOffset = streamOffset;
+			this.lineNumber = lineNumber;
 		}
 
 		/// <summary>
@@ -95,15 +103,13 @@ unsafe void Validate (ref byte table, byte* input, int length)
 
 					if (rank == 0xFF) {
 						if (c == (byte) '\n') {
-							if (octets % 4 != 0) {
-								invalid = true;
-								return;
-							}
+							if (octets % 4 != 0)
+								reader.OnMimeComplianceViolation (MimeComplianceViolation.IncompleteBase64Quantum, streamOffset, lineNumber);
 
+							lineNumber++;
 							octets = 0;
 						} else if (!c.IsWhitespace ()) {
-							invalid = true;
-							return;
+							reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidBase64Character, streamOffset, lineNumber);
 						}
 					} else if (c == (byte) '=') {
 						padding = 1;
@@ -112,31 +118,31 @@ unsafe void Validate (ref byte table, byte* input, int length)
 					} else {
 						octets++;
 					}
+
+					streamOffset++;
 				}
 			}
 
 			while (inptr < inend) {
 				byte c = *inptr++;
 
 				if (c == (byte) '\n') {
-					if (octets % 4 != 0) {
-						invalid = true;
-						return;
-					}
+					if (octets % 4 != 0)
+						reader.OnMimeComplianceViolation (MimeComplianceViolation.IncompleteBase64Quantum, streamOffset, lineNumber);
 
+					lineNumber++;
 					octets = 0;
 				} else if (c == (byte) '=') {
 					padding++;
 					octets++;
 
-					if (padding > 2) {
-						invalid = true;
-						return;
-					}
+					if (padding > 2)
+						reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidBase64Padding, streamOffset, lineNumber);
 				} else if (!c.IsWhitespace ()) {
-					invalid = true;
-					return;
+					reader.OnMimeComplianceViolation (MimeComplianceViolation.Base64CharactersAfterPadding, streamOffset, lineNumber);
 				}
+
+				streamOffset++;
 			}
 		}
 
@@ -160,9 +166,6 @@ public unsafe void Write (byte[] buffer, int startIndex, int length)
 		{
 			ValidateArguments (buffer, startIndex, length);
 
-			if (invalid)
-				return;
-
 			fixed (byte* inbuf = buffer) {
 				ref byte table = ref MemoryMarshal.GetReference (Base64Decoder.base64_rank);
 
@@ -171,15 +174,15 @@ public unsafe void Write (byte[] buffer, int startIndex, int length)
 		}
 
 		/// <summary>
-		/// Validate the content that was written to the validator.
+		/// Flush the validator state.
 		/// </summary>
 		/// <remarks>
-		/// Validates the content that was written to the validator.
+		/// Flushes the validator state.
 		/// </remarks>
-		/// <returns><see langword="true"/> if the content was valid; otherwise, <see langword="false"/>.</returns>
-		public bool Validate ()
+		public void Flush ()
 		{
-			return !invalid && octets % 4 == 0 && padding <= 2;
+			if (octets % 4 != 0)
+				reader.OnMimeComplianceViolation (MimeComplianceViolation.IncompleteBase64Quantum, streamOffset, lineNumber);
 		}
 	}
 }
diff --git a/MimeKit/Encodings/IEncodingValidator.cs b/MimeKit/Encodings/IEncodingValidator.cs
@@ -3,7 +3,7 @@
 //
 // Author: Jeffrey Stedfast <jestedfa@microsoft.com>
 //
-// Copyright (c) 2013-2025 .NET Foundation and Contributors
+// Copyright (c) 2013-2026 .NET Foundation and Contributors
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -63,12 +63,11 @@ interface IEncodingValidator
 		void Write (byte[] buffer, int startIndex, int length);
 
 		/// <summary>
-		/// Validate the content that was written to the validator.
+		/// Flush the validator state.
 		/// </summary>
 		/// <remarks>
-		/// Validates the content that was written to the validator.
+		/// Flushes the validator state.
 		/// </remarks>
-		/// <returns><see langword="true"/> if the content was valid; otherwise, <see langword="false"/>.</returns>
-		bool Validate ();
+		void Flush ();
 	}
 }
diff --git a/MimeKit/Encodings/QuotedPrintableValidator.cs b/MimeKit/Encodings/QuotedPrintableValidator.cs
@@ -3,7 +3,7 @@
 //
 // Author: Jeffrey Stedfast <jestedfa@microsoft.com>
 //
-// Copyright (c) 2013-2025 .NET Foundation and Contributors
+// Copyright (c) 2013-2026 .NET Foundation and Contributors
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -45,10 +45,12 @@ enum QpValidatorState : byte
 			PassThrough,
 			EqualSign,
 			SoftBreak,
-			DecodeByte,
-			Invalid
+			DecodeByte
 		}
 
+		readonly MimeReader reader;
+		long streamOffset;
+		int lineNumber;
 		QpValidatorState state;
 
 		/// <summary>
@@ -57,8 +59,14 @@ enum QpValidatorState : byte
 		/// <remarks>
 		/// Creates a new quoted-printable validator.
 		/// </remarks>
-		public QuotedPrintableValidator ()
+		/// <param name="reader">The mime reader.</param>
+		/// <param name="streamOffset">The current stream offset.</param>
+		/// <param name="lineNumber">The current line number.</param>
+		public QuotedPrintableValidator (MimeReader reader, long streamOffset, int lineNumber)
 		{
+			this.reader = reader;
+			this.streamOffset = streamOffset;
+			this.lineNumber = lineNumber;
 		}
 
 		/// <summary>
@@ -104,6 +112,8 @@ unsafe void Validate (byte* input, int length)
 						if (c == '=') {
 							state = QpValidatorState.EqualSign;
 							break;
+						} else if (c == '\n') {
+							lineNumber++;
 						}
 					}
 					break;
@@ -116,35 +126,39 @@ unsafe void Validate (byte* input, int length)
 						state = QpValidatorState.SoftBreak;
 					} else if (c == '\n') {
 						state = QpValidatorState.PassThrough;
+						lineNumber++;
 					} else {
-						// invalid encoded sequence
-						state = QpValidatorState.Invalid;
-						return;
+						reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidQuotedPrintableEncoding, streamOffset + (inptr - input), lineNumber);
+						state = QpValidatorState.PassThrough;
 					}
 					break;
 				case QpValidatorState.SoftBreak:
-					state = QpValidatorState.PassThrough;
 					c = *inptr++;
 
-					if (c != '\n') {
-						// invalid encoded sequence
-						state = QpValidatorState.Invalid;
-						return;
+					if (c == '\n') {
+						lineNumber++;
+					} else {
+						reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidQuotedPrintableSoftBreak, streamOffset + (inptr - input), lineNumber);
 					}
+
+					state = QpValidatorState.PassThrough;
 					break;
 				case QpValidatorState.DecodeByte:
 					c = *inptr++;
 
 					if (!c.IsXDigit ()) {
-						// invalid encoded sequence
-						state = QpValidatorState.Invalid;
-						return;
+						reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidQuotedPrintableEncoding, streamOffset + (inptr - input), lineNumber);
+
+						if (c == '\n')
+							lineNumber++;
 					}
 
 					state = QpValidatorState.PassThrough;
 					break;
 				}
 			}
+
+			streamOffset += length;
 		}
 
 		/// <summary>
@@ -167,25 +181,24 @@ public unsafe void Write (byte[] buffer, int startIndex, int length)
 		{
 			ValidateArguments (buffer, startIndex, length);
 
-			if (state == QpValidatorState.Invalid)
-				return;
-
 			fixed (byte* inbuf = buffer) {
 				Validate (inbuf + startIndex, length);
 			}
 		}
 
 		/// <summary>
-		/// Validate the content that was written to the validator.
+		/// Flush the validator state.
 		/// </summary>
 		/// <remarks>
-		/// Validates the content that was written to the validator.
+		/// Flushes the validator state.
 		/// </remarks>
-		/// <returns><see langword="true"/> if the content was valid; otherwise, <see langword="false"/>.</returns>
-		public bool Validate ()
+		public void Flush ()
 		{
 			// Note: the only valid state to end on is the pass-through state.
-			return state == QpValidatorState.PassThrough;
+			if (state == QpValidatorState.EqualSign || state == QpValidatorState.DecodeByte)
+				reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidQuotedPrintableEncoding, streamOffset, lineNumber);
+			else if (state == QpValidatorState.SoftBreak)
+				reader.OnMimeComplianceViolation (MimeComplianceViolation.InvalidQuotedPrintableSoftBreak, streamOffset, lineNumber);
 		}
 	}
 }
diff --git a/MimeKit/Encodings/UUValidator.cs b/MimeKit/Encodings/UUValidator.cs
@@ -3,7 +3,7 @@
 //
 // Author: Jeffrey Stedfast <jestedfa@microsoft.com>
 //
-// Copyright (c) 2013-2025 .NET Foundation and Contributors
+// Copyright (c) 2013-2026 .NET Foundation and Contributors
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -61,6 +61,9 @@ enum UUValidatorState : byte
 			Invalid
 		}
 
+		readonly MimeReader reader;
+		long streamOffset;
+		int lineNumber;
 		UUValidatorState state;
 		byte nsaved;
 		byte uulen;
@@ -71,8 +74,14 @@ enum UUValidatorState : byte
 		/// <remarks>
 		/// Creates a new Unix-to-Unix validator.
 		/// </remarks>
-		public UUValidator ()
+		/// <param name="reader">The mime reader.</param>
+		/// <param name="streamOffset">The current stream offset.</param>
+		/// <param name="lineNumber">The current line number.</param>
+		public UUValidator (MimeReader reader, long streamOffset, int lineNumber)
 		{
+			this.reader = reader;
+			this.streamOffset = streamOffset;
+			this.lineNumber = lineNumber;
 		}
 
 		/// <summary>
@@ -102,6 +111,7 @@ static void ValidateArguments (byte[] input, int startIndex, int length)
 		[MethodImpl (MethodImplOptions.AggressiveInlining)]
 		unsafe bool ScanBeginMarker (ref byte* inptr, byte* inend)
 		{
+			// TODO: properly track streamOffset and lineNumber for error reporting
 			while (inptr < inend) {
 				if (state == UUValidatorState.ExpectBegin) {
 					if (nsaved != 0 && nsaved != (byte) '\n') {
@@ -262,6 +272,7 @@ unsafe bool ScanBeginMarker (ref byte* inptr, byte* inend)
 		[MethodImpl (MethodImplOptions.AggressiveInlining)]
 		unsafe void Validate (byte* input, int length)
 		{
+			// TODO: properly track streamOffset and lineNumber for error reporting
 			bool last_was_eoln = uulen == 0;
 			byte* inend = input + length;
 			byte* inptr = input;
@@ -415,16 +426,15 @@ public unsafe void Write (byte[] buffer, int startIndex, int length)
 		}
 
 		/// <summary>
-		/// Validate the content that was written to the validator.
+		/// Flush the validator state.
 		/// </summary>
 		/// <remarks>
-		/// Validates the content that was written to the validator.
+		/// Flushes the validator state.
 		/// </remarks>
-		/// <returns><see langword="true"/> if the content was valid; otherwise, <see langword="false"/>.</returns>
-		public bool Validate ()
+		public void Flush ()
 		{
 			// Note: the only valid state to end on is the 'end' state.
-			return state == UUValidatorState.End;
+			// TODO: report any remaining error(s).
 		}
 	}
 }
diff --git a/MimeKit/MimeComplianceViolation.cs b/MimeKit/MimeComplianceViolation.cs
diff --git a/MimeKit/MimeReader.cs b/MimeKit/MimeReader.cs
