author    Leah Neukirchen <leah@vuxu.org>  2017-12-05 16:59:31 +0100
committer Leah Neukirchen <leah@vuxu.org>  2017-12-05 16:59:31 +0100
commit    ba4a0cf589d4465d5217cc24b4d3dd0857f6cb0e (patch)
tree      f8021dde4f88924095b2fe611032bbddde87c533
parent    4d404753642db08df0d86876845b96ba0ea3b0c5 (diff)
rfc2047: blaze822_decode_rfc2047: don't decode encoded-words that contain NUL bytes
This is a lax interpretation of RFC 2047, 4.5:
> Only printable and white space character data should be encoded using
> this scheme.  However, since these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects.

Since much of the code that deals with header values does not support
inline NUL bytes, it's best not to decode them here.
We check for this after iconv, so e.g. quoted-printable UTF-32 should be
safe.

Also see https://www.mailsploit.com/
-rw-r--r-- rfc2047.c | 5
1 file changed, 4 insertions, 1 deletion
diff --git a/rfc2047.c b/rfc2047.c
index c152922..ab65772 100644
--- a/rfc2047.c
+++ b/rfc2047.c
@@ -132,7 +132,7 @@ blaze822_decode_rfc2047(char *dst, char *src, size_t dlen, char *tgtenc)
 
 	char *b = src;
 
-	// use memmem
+	// XXX use memmem
 	char *s = strstr(src, "=?");
 	if (!s)
 		goto nocodeok;
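Review bot: the `// XXX use memmem` marker records a todo without its reason; make the comment say why, e.g. `// XXX use memmem: strstr() stops at the first NUL in src`, so the next reader knows the encoded-word search treats src as a NUL-terminated string and an embedded NUL ends it early.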
@@ -233,6 +233,9 @@ blaze822_decode_rfc2047(char *dst, char *src, size_t dlen, char *tgtenc)
 			}
 		}
 
+		if (memchr(dst, 0, dlen))
+			goto nocode;
+
 		while (!partial && declen && dlen) {
 			*dst++ = *dec++;
 			declen--;
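Review bot: the new `memchr(dst, 0, dlen)` scans `dlen` bytes, the remaining output capacity, while the copy loop directly below is bounded by `declen`, the decoded length; either add a comment stating that the iconv output occupies exactly the bytes being scanned, or bound the scan by the decoded length, since bytes past the decoded data may be stale buffer contents and a NUL there would make `goto nocode` reject a valid encoded-word.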