dovecot-2.1-pigeonhole: lib-sieve: updated rfc2822 header field ...

pigeonhole at rename-it.nl pigeonhole at rename-it.nl
Sat Nov 26 12:11:50 EET 2011


details:   http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/cdf52ef61f65
changeset: 1551:cdf52ef61f65
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Sat Nov 26 11:09:58 2011 +0100
description:
lib-sieve: updated rfc2822 header field body verification to exclude non-printing characters (RFC5322).

diffstat:

 src/lib-sieve/plugins/enotify/mailto/uri-mailto.c |   3 +-
 src/lib-sieve/rfc2822.c                           |  42 ++++++++++++---------
 src/lib-sieve/rfc2822.h                           |   2 +-
 3 files changed, 27 insertions(+), 20 deletions(-)

diffs (94 lines):

diff -r 6757a772b086 -r cdf52ef61f65 src/lib-sieve/plugins/enotify/mailto/uri-mailto.c
--- a/src/lib-sieve/plugins/enotify/mailto/uri-mailto.c	Thu Nov 24 00:50:11 2011 +0100
+++ b/src/lib-sieve/plugins/enotify/mailto/uri-mailto.c	Sat Nov 26 11:09:58 2011 +0100
@@ -442,7 +442,8 @@
 		if ( hname_type == _HNAME_BODY ) {
 			// FIXME: verify body ... 
 		} else {
-			if ( !rfc2822_header_field_body_verify(str_c(field), str_len(field)) ) {
+			if ( !rfc2822_header_field_body_verify
+				(str_c(field), str_len(field), FALSE, FALSE) ) {
 				uri_mailto_error(parser, "invalid header field body");
 				return FALSE;
 			}
diff -r 6757a772b086 -r cdf52ef61f65 src/lib-sieve/rfc2822.c
--- a/src/lib-sieve/rfc2822.c	Thu Nov 24 00:50:11 2011 +0100
+++ b/src/lib-sieve/rfc2822.c	Sat Nov 26 11:09:58 2011 +0100
@@ -7,6 +7,7 @@
 
 #include "lib.h"
 #include "str.h"
+#include "unichar.h"
 
 #include "rfc2822.h"
 
@@ -38,34 +39,39 @@
 }
 
 bool rfc2822_header_field_body_verify
-(const char *field_body, unsigned int len) 
+(const char *field_body, unsigned int len, bool allow_crlf, bool allow_utf8)
 {
 	const char *p = field_body;
 	const char *pend = p + len;
+	bool is8bit = FALSE;
 
-	/* unstructured    =       *([FWS] utext) [FWS]
-	 * FWS             =       ([*WSP CRLF] 1*WSP) /   ; Folding white space
-	 *                         obs-FWS
-	 * utext           =       NO-WS-CTL /     ; Non white space controls
-	 *                         %d33-126 /      ; The rest of US-ASCII
-	 *                         obs-utext
-	 * NO-WS-CTL       =       %d1-8 /         ; US-ASCII control characters
-	 *                         %d11 /          ;  that do not include the
-	 *                         %d12 /          ;  carriage return, line feed,
-	 *                         %d14-31 /       ;  and white space characters
-	 *                         %d127
-	 * WSP             =  SP / HTAB
-	 */
-
-	/* This verification does not allow content to be folded. This should done
-	 * automatically upon message composition.
+	/* RFC5322:
+	 *
+	 * unstructured    =  (*([FWS] VCHAR) *WSP)
+	 * VCHAR           =  %x21-7E
+	 * FWS             =  ([*WSP CRLF] 1*WSP) /   ; Folding white space
+	 * WSP             =  SP / HTAB               ; White space
 	 */
 
 	while ( p < pend ) {
-		if ( *p == '\0' || *p == '\r' || *p == '\n' || ((unsigned char)*p) > 127 )
+		if ( *p != '\t' && *p < 0x20 )
 			return FALSE;
 
+		if ( (*p == '\r' || *p == '\n') && !allow_crlf )
+			return FALSE;
+
+		if ( !is8bit && ((unsigned char)*p) > 127 ) {
+			if ( !allow_utf8 )
+				return FALSE;
+
+			is8bit = TRUE;
+		}
+
 		p++;
+	}
+
+	if ( is8bit && !uni_utf8_str_is_valid(field_body) ) {
+		return FALSE;
 	}	
 	
 	return TRUE;
diff -r 6757a772b086 -r cdf52ef61f65 src/lib-sieve/rfc2822.h
--- a/src/lib-sieve/rfc2822.h	Thu Nov 24 00:50:11 2011 +0100
+++ b/src/lib-sieve/rfc2822.h	Sat Nov 26 11:09:58 2011 +0100
@@ -15,7 +15,7 @@
 bool rfc2822_header_field_name_verify
 	(const char *field_name, unsigned int len);
 bool rfc2822_header_field_body_verify
-(const char *field_body, unsigned int len);
+	(const char *field_body, unsigned int len, bool allow_crlf, bool allow_utf8);
 
 /*
  *


More information about the dovecot-cvs mailing list