#9 ytnef can't read a winmail.dat file from exchange 2007

[Anonymous]

yTNEF failed to read a winmail.dat generated by exchange 2007.

in TNEFGetHeader() the size read from the header seems to be erroneous (117506305 bytes)

output of ytnefprint :

Attempting to parse o2007.winmail.dat...
DEBUG(2/7): About to initialize
DEBUG(3/7):Opening o2007.winmail.dat
DEBUG(2/7): Initialization finished
DEBUG(2/7): Reading Signature
DEBUG(3/7):Reading 1 blocks of 4 size
DEBUG(2/7): Checking Signature
DEBUG(2/7): Reading Key.
DEBUG(3/7):Reading 1 blocks of 2 size
DEBUG(2/7):Key = 14405
DEBUG(2/7): Starting Full Processing.
DEBUG(2/7): About to read Component
DEBUG(3/7):Reading 1 blocks of 1 size
DEBUG(2/7): About to read type
DEBUG(3/7):Reading 1 blocks of 4 size
DEBUG(2/7):Type = 67670022
DEBUG(2/7): About to read size
DEBUG(3/7):Reading 1 blocks of 4 size
DEBUG(2/7):Size = 117506305
DEBUG(2/7):Header says type=67670022, size=117506305
DEBUG(3/7):Reading 117506305 blocks of 1 size
ERROR: Error reading data
ERROR: Unable to read data.
DEBUG(3/7):Closing file o2007.winmail.dat
---> In format

[Nobody/Anonymous]

an example of erroneous winmail.dat

[Pierre DELAAGE]

The bug comes from the fact that EVERY 0x00 hex byte has been SUPPRESSED
in the winmail.dat file by some (probably custom) mail filter.
IT IS NOT a (y)tnef bug.
IT IS PROBABLY not an evolution in MS tnef format nor a bug in MS exch
tnef implementation.
I will post later a message about other (mail) filter issues on linux
platform decoding win formats, issues that I am currently working on.
To confirm that, I have analyzed by hand the first fields of the
winmail.dat sample: every where I expected a 0x00 to appear, dixit the tnef
docs, I got instead the next (sometimes easily predictable) non null digit
appearing.
Also if you try to search 0x00 in that file with an hex editor, then you
will see that it is totally absent: which is statistically impossible,
particularly in tnef format.

PS : I posted the same message on tnef bug tracker.
Just in case it may help.