dovecot-2.2: lib-imap: imap-utf7 - reject bogus characters in th...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/6abfa33c73a8
changeset: 17660:6abfa33c73a8
user:      Phil Carmody <phil at dovecot.fi>
date:      Mon Jul 28 16:49:47 2014 +0300
description:
lib-imap: imap-utf7 - reject bogus characters in the mUTF7
Only 0x20..0x7e are permitted, as "All other characters (octet values
0x00-0x1f and 0x7f-0xff) are represented in modified BASE64, ...".

Signed-off-by: Phil Carmody <phil at dovecot.fi>

diffstat:

 src/lib-imap/imap-utf7.c |  12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diffs (36 lines):

diff -r 6dbce666f8d3 -r 6abfa33c73a8 src/lib-imap/imap-utf7.c
--- a/src/lib-imap/imap-utf7.c	Mon Jul 28 16:49:47 2014 +0300
+++ b/src/lib-imap/imap-utf7.c	Mon Jul 28 16:49:47 2014 +0300
@@ -239,7 +239,9 @@
 	const char *p;
 
 	for (p = src; *p != '\0'; p++) {
-		if (*p == '&' || (unsigned char)*p >= 0x80)
+		if (*p < 0x20 || *p >= 0x7f)
+			return -1;
+		if (*p == '&')
 			break;
 	}
 	if (*p == '\0') {
@@ -247,10 +249,6 @@
 		str_append(dest, src);
 		return 0;
 	}
-	if ((unsigned char)*p >= 0x80) {
-		/* 8bit characters - the input is broken */
-		return -1;
-	}
 
 	/* at least one encoded character */
 	str_append_n(dest, src, p-src);
@@ -280,7 +278,9 @@
 	int ret;
 
 	for (p = src; *p != '\0'; p++) {
-		if (*p == '&' || (unsigned char)*p >= 0x80) {
+		if (*p < 0x20 || *p >= 0x7f)
+			return FALSE;
+		if (*p == '&') {
 			/* slow scan */
 			T_BEGIN {
 				string_t *tmp = t_str_new(128);