dovecot-1.2-sieve: Fixed Sieve script name checking to properly ...
pigeonhole at rename-it.nl
pigeonhole at rename-it.nl
Mon Aug 23 20:39:02 EEST 2010
details: http://hg.rename-it.nl/dovecot-1.2-sieve/rev/ddea71ad886d
changeset: 1270:ddea71ad886d
user: Stephan Bosch <stephan at rename-it.nl>
date: Mon Aug 23 19:28:14 2010 +0200
description:
Fixed Sieve script name checking to properly handle length issues and added 0x00ff as invalid character.
diffstat:
src/lib-sieve/sieve-script.c | 32 ++++++++++++++++++++++++--------
1 files changed, 24 insertions(+), 8 deletions(-)
diffs (69 lines):
diff -r b61ef51347b7 -r ddea71ad886d src/lib-sieve/sieve-script.c
--- a/src/lib-sieve/sieve-script.c Wed Aug 11 17:02:29 2010 +0200
+++ b/src/lib-sieve/sieve-script.c Mon Aug 23 19:28:14 2010 +0200
@@ -35,8 +35,12 @@
const unichar_t *name_chars;
size_t namelen = strlen(scriptname);
- /* Check maximum length */
- if ( namelen > SIEVE_MAX_SCRIPT_NAME_LEN )
+ /* Check minimum length */
+ if ( namelen == 0 )
+ return FALSE;
+
+ /* Check worst-case maximum length */
+ if ( namelen > SIEVE_MAX_SCRIPT_NAME_LEN * 4 )
return FALSE;
/* Intialize array for unicode characters */
@@ -45,16 +49,24 @@
/* Convert UTF-8 to UCS4/UTF-32 */
if ( uni_utf8_to_ucs4(scriptname, &uni_name) < 0 )
return FALSE;
+ name_chars = array_get(&uni_name, &count);
- /* Scan name for invalid characters */
- name_chars = array_get(&uni_name, &count);
+ /* Check true maximum length */
+ if ( count > SIEVE_MAX_SCRIPT_NAME_LEN )
+ return FALSE;
+
+ /* Scan name for invalid characters
+ * FIXME: compliance with Net-Unicode Definition (Section 2 of
+ * RFC 5198) is not checked fully and no normalization
+ * is performed.
+ */
for ( i = 0; i < count; i++ ) {
/* 0000-001F; [CONTROL CHARACTERS] */
if ( name_chars[i] <= 0x001f )
return FALSE;
-
- /* 002F; SLASH */
+
+ /* 002F; SLASH (not RFC-prohibited, but '/' is dangerous) */
if ( name_chars[i] == 0x002f )
return FALSE;
@@ -66,6 +78,10 @@
if ( name_chars[i] >= 0x0080 && name_chars[i] <= 0x009f )
return FALSE;
+ /* 00FF */
+ if ( name_chars[i] == 0x00ff )
+ return FALSE;
+
/* 2028; LINE SEPARATOR */
/* 2029; PARAGRAPH SEPARATOR */
if ( name_chars[i] == 0x2028 || name_chars[i] == 0x2029 )
@@ -87,8 +103,8 @@
ext = strrchr(filename, '.');
if ( ext == NULL || ext == filename || strncmp(ext,".sieve",6) != 0 )
return filename;
-
- return t_strdup_until(filename, ext);
+
+ return t_strdup_until(filename, ext);
}
bool sieve_script_file_has_extension(const char *filename)
More information about the dovecot-cvs
mailing list