dovecot-2.0-pigeonhole: Fixed Sieve script name checking to prop...

pigeonhole at rename-it.nl pigeonhole at rename-it.nl
Mon Aug 23 20:26:41 EEST 2010


details:   http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/d51650c8af85
changeset: 1388:d51650c8af85
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Mon Aug 23 19:26:12 2010 +0200
description:
Fixed Sieve script name checking to properly handle length issues and added 0x00ff as invalid character.

diffstat:

 src/lib-sieve/sieve-script.c    |  32 ++++++++++++++++++++++++--------
 src/managesieve/cmd-putscript.c |   2 +-
 2 files changed, 25 insertions(+), 9 deletions(-)

diffs (81 lines):

diff -r 743f6dc8150c -r d51650c8af85 src/lib-sieve/sieve-script.c
--- a/src/lib-sieve/sieve-script.c	Mon Aug 23 19:21:04 2010 +0200
+++ b/src/lib-sieve/sieve-script.c	Mon Aug 23 19:26:12 2010 +0200
@@ -36,8 +36,12 @@
 	const unichar_t *name_chars;
 	size_t namelen = strlen(scriptname);
 
-	/* Check maximum length */
-	if ( namelen > SIEVE_MAX_SCRIPT_NAME_LEN )
+	/* Check minimum length */
+	if ( namelen == 0 )
+		return FALSE;
+
+	/* Check worst-case maximum length */
+	if ( namelen > SIEVE_MAX_SCRIPT_NAME_LEN * 4 )
 		return FALSE;
 
 	/* Intialize array for unicode characters */
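Review bot: The factor in `SIEVE_MAX_SCRIPT_NAME_LEN * 4` is unexplained, and the comment does not say that this first limit counts bytes while the same macro is applied to code points after conversion. I would write the comment as `/* Check worst-case maximum length in bytes (up to 4 UTF-8 bytes per code point); cheap reject before conversion */`. That records that the byte check only bounds the work done on oversized input and that the authoritative limit is the later `count` comparison. The enclosing function starts and ends outside the hunk.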
@@ -46,16 +50,24 @@
 	/* Convert UTF-8 to UCS4/UTF-32 */
 	if ( uni_utf8_to_ucs4(scriptname, &uni_name) < 0 )
 		return FALSE;
+	name_chars = array_get(&uni_name, &count);
 
-	/* Scan name for invalid characters */
-	name_chars = array_get(&uni_name, &count);
+	/* Check true maximum length */
+	if ( count > SIEVE_MAX_SCRIPT_NAME_LEN )
+		return FALSE;
+
+	/* Scan name for invalid characters
+	 *   FIXME: compliance with Net-Unicode Definition (Section 2 of
+	 *          RFC 5198) is not checked fully and no normalization
+	 *          is performed.
+	 */
 	for ( i = 0; i < count; i++ ) {
 
 		/* 0000-001F; [CONTROL CHARACTERS] */
 		if ( name_chars[i] <= 0x001f )
 			return FALSE;
-		
-		/* 002F; SLASH */
+
+		/* 002F; SLASH (not RFC-prohibited, but '/' is dangerous) */
 		if ( name_chars[i] == 0x002f )
 			return FALSE;
 
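Review bot: The new slash comment treats the name as a path component, yet none of the checks visible here rejects the names `.` and `..`, which pass every per-character test shown. If the storage layer always appends an extension before touching the filesystem this is harmless, but that is not visible from this hunk and the validator would be safer not depending on it. A guard before the loop such as `if ( strcmp(scriptname, ".") == 0 || strcmp(scriptname, "..") == 0 ) return FALSE;` would close the gap. The rest of the loop and the function's start lie outside the hunk, so an existing check elsewhere cannot be ruled out.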
@@ -67,6 +79,10 @@
 		if ( name_chars[i] >= 0x0080 && name_chars[i] <= 0x009f )
 			return FALSE;
 
+		/* 00FF */
+		if ( name_chars[i] == 0x00ff )
+			return FALSE;
+
 		/* 2028; LINE SEPARATOR */
 		/* 2029; PARAGRAPH SEPARATOR */
 		if ( name_chars[i] == 0x2028 || name_chars[i] == 0x2029 )
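Review bot: The added `/* 00FF */` comment gives neither the character's name nor the reason it is rejected, unlike every neighbouring check. Since the slash comment in the same commit notes when a character is "not RFC-prohibited", this one should state whether 0x00ff is an RFC requirement or a local precaution, and against what. Something of the form `/* 00FF; LATIN SMALL LETTER Y WITH DIAERESIS (<reason for rejecting>) */` would do; the reason itself cannot be inferred from the diff or the commit description. The loop body continues outside the hunk.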
@@ -88,8 +104,8 @@
 	ext = strrchr(filename, '.');
 	if ( ext == NULL || ext == filename || strncmp(ext,".sieve",6) != 0 )
 		return filename;
-	
-	return t_strdup_until(filename, ext);	
+
+	return t_strdup_until(filename, ext);
 }
 
 bool sieve_script_file_has_extension(const char *filename)
diff -r 743f6dc8150c -r d51650c8af85 src/managesieve/cmd-putscript.c
--- a/src/managesieve/cmd-putscript.c	Mon Aug 23 19:21:04 2010 +0200
+++ b/src/managesieve/cmd-putscript.c	Mon Aug 23 19:26:12 2010 +0200
@@ -431,7 +431,7 @@
 	const char *scriptname;
 
 	/* <scriptname> */
-	if ( !client_read_string_args(cmd, 1, FALSE, &scriptname) || *scriptname == '\0' )
+	if ( !client_read_string_args(cmd, 1, FALSE, &scriptname) )
 		return FALSE;
 
 	return cmd_putscript_start(cmd, scriptname);
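Review bot: With `*scriptname == '\0'` dropped, an empty name is rejected only if `cmd_putscript_start()` runs the script-name validator before it uses the name, and that call is not visible in this hunk. Presumably it does, since the same commit adds the zero-length check to the validator in sieve-script.c, but it is worth confirming that no path builds a file name or opens a save context first. A comment would record the dependency: `/* empty or invalid names are rejected by name validation in cmd_putscript_start() */`. The enclosing function starts outside the hunk.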

