[dovecot-cvs] dovecot/src/lib-storage/index/mbox mbox-sync-parse.c,
1.42, 1.43
cras at dovecot.org
cras at dovecot.org
Tue Jul 12 17:43:14 EEST 2005
Update of /var/lib/cvs/dovecot/src/lib-storage/index/mbox
In directory talvi:/tmp/cvs-serv32513/lib-storage/index/mbox
Modified Files:
mbox-sync-parse.c
Log Message:
Try to prevent some broken keyword names.
Index: mbox-sync-parse.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/mbox/mbox-sync-parse.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- mbox-sync-parse.c 4 Jul 2005 11:32:28 -0000 1.42
+++ mbox-sync-parse.c 12 Jul 2005 14:43:11 -0000 1.43
@@ -109,6 +109,19 @@
return TRUE;
}
+static int keyword_is_valid(const char *keyword)
+{
+ /* try to only prevent the most malicious looking keywords. */
+ for (; *keyword != '\0'; keyword++) {
+ if (*keyword == '(' || *keyword == ')' ||
+ *keyword == '{' || *keyword == '}' ||
+ *keyword == '\\' || *keyword == '"' ||
+ (unsigned char)*keyword <= 32)
+ return FALSE;
+ }
+ return TRUE;
+}
+
static void
parse_imap_keywords_list(struct mbox_sync_mail_context *ctx,
struct message_header_line *hdr, size_t pos)
@@ -135,8 +148,11 @@
t_push();
keyword = t_strndup(hdr->full_value + keyword_start,
pos - keyword_start);
- (void)mail_index_keyword_lookup(ctx->sync_ctx->mbox->ibox.index,
- keyword, TRUE, &idx);
+ if (keyword_is_valid(keyword)) {
+ (void)mail_index_keyword_lookup(
+ ctx->sync_ctx->mbox->ibox.index,
+ keyword, TRUE, &idx);
+ }
t_pop();
count++;
More information about the dovecot-cvs
mailing list