dovecot-1.2-sieve: Fixed Sieve script name checking to properly ...

pigeonhole at rename-it.nl pigeonhole at rename-it.nl
Mon Aug 23 20:39:02 EEST 2010


details:   http://hg.rename-it.nl/dovecot-1.2-sieve/rev/ddea71ad886d
changeset: 1270:ddea71ad886d
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Mon Aug 23 19:28:14 2010 +0200
description:
Fixed Sieve script name checking to properly handle length issues and added 0x00ff as invalid character.

diffstat:

 src/lib-sieve/sieve-script.c |  32 ++++++++++++++++++++++++--------
 1 files changed, 24 insertions(+), 8 deletions(-)

diffs (69 lines):

diff -r b61ef51347b7 -r ddea71ad886d src/lib-sieve/sieve-script.c
--- a/src/lib-sieve/sieve-script.c	Wed Aug 11 17:02:29 2010 +0200
+++ b/src/lib-sieve/sieve-script.c	Mon Aug 23 19:28:14 2010 +0200
@@ -35,8 +35,12 @@
 	const unichar_t *name_chars;
 	size_t namelen = strlen(scriptname);
 
-	/* Check maximum length */
-	if ( namelen > SIEVE_MAX_SCRIPT_NAME_LEN )
+	/* Check minimum length */
+	if ( namelen == 0 )
+		return FALSE;
+
+	/* Check worst-case maximum length */
+	if ( namelen > SIEVE_MAX_SCRIPT_NAME_LEN * 4 )
 		return FALSE;
 
 	/* Intialize array for unicode characters */
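Review bot: The new pre-check `namelen > SIEVE_MAX_SCRIPT_NAME_LEN * 4` means an accepted name can now be up to four times SIEVE_MAX_SCRIPT_NAME_LEN in bytes, because the real limit is counted in code points after conversion. If the name is later turned into a file name (the slash check and the `.sieve` helper further down suggest so, but the callers are not shown), code that sizes buffers or builds paths from it has to work with the byte length, which may exceed what a filesystem allows for one path component. I would record that at the check, for example `/* Limit is in characters; UTF-8 needs at most 4 bytes each, so callers must expect up to 4 * SIEVE_MAX_SCRIPT_NAME_LEN bytes */`. The function begins above this hunk.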
@@ -45,16 +49,24 @@
 	/* Convert UTF-8 to UCS4/UTF-32 */
 	if ( uni_utf8_to_ucs4(scriptname, &uni_name) < 0 )
 		return FALSE;
+	name_chars = array_get(&uni_name, &count);
 
-	/* Scan name for invalid characters */
-	name_chars = array_get(&uni_name, &count);
+	/* Check true maximum length */
+	if ( count > SIEVE_MAX_SCRIPT_NAME_LEN )
+		return FALSE;
+
+	/* Scan name for invalid characters
+	 *   FIXME: compliance with Net-Unicode Definition (Section 2 of
+	 *          RFC 5198) is not checked fully and no normalization
+	 *          is performed.
+	 */
 	for ( i = 0; i < count; i++ ) {
 
 		/* 0000-001F; [CONTROL CHARACTERS] */
 		if ( name_chars[i] <= 0x001f )
 			return FALSE;
-		
-		/* 002F; SLASH */
+
+		/* 002F; SLASH (not RFC-prohibited, but '/' is dangerous) */
 		if ( name_chars[i] == 0x002f )
 			return FALSE;
 
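Review bot: The reworded comment on the 0x002f check calls '/' "dangerous" without saying to what, although it is the one check here that does not come from the RFC list. If the reason is that the script name becomes part of a file path (the file-name helper later in this file suggests that, but it is not shown here), the comment should say so, so that the check is not later dropped as non-standard: `/* 002F; SLASH (not RFC-prohibited, but a path separator once the name is used as a file name) */`. The loop continues past the end of this hunk.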
@@ -66,6 +78,10 @@
 		if ( name_chars[i] >= 0x0080 && name_chars[i] <= 0x009f )
 			return FALSE;
 
+		/* 00FF */
+		if ( name_chars[i] == 0x00ff )
+			return FALSE;
+
 		/* 2028; LINE SEPARATOR */
 		/* 2029; PARAGRAPH SEPARATOR */
 		if ( name_chars[i] == 0x2028 || name_chars[i] == 0x2029 )
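Review bot: The added comment `/* 00FF */` gives only the code point, unlike the neighbouring entries, which name the character or class. U+00FF is a printable letter (LATIN SMALL LETTER Y WITH DIAERESIS), and neither the code nor the commit message says why it is refused, so a later maintainer could take the check for a mistake and remove it. The comment should state the reason or the specification it comes from, e.g. `/* 00FF; LATIN SMALL LETTER Y WITH DIAERESIS (rejected because: <reason or spec reference>) */`. The loop starts and ends outside this hunk.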
@@ -87,8 +103,8 @@
 	ext = strrchr(filename, '.');
 	if ( ext == NULL || ext == filename || strncmp(ext,".sieve",6) != 0 )
 		return filename;
-	
-	return t_strdup_until(filename, ext);	
+
+	return t_strdup_until(filename, ext);
 }
 
 bool sieve_script_file_has_extension(const char *filename)

