diff options
| author | Christian Neukirchen <chneukirchen@gmail.com> | 2016-07-14 17:43:09 +0200 |
|---|---|---|
| committer | Christian Neukirchen <chneukirchen@gmail.com> | 2016-07-14 17:43:09 +0200 |
| commit | 1a1f01ecf9bf4521386905df87f2253a78e4ddc9 (patch) | |
| tree | dec5678b2d2f401608dfb513801243edc9d58ef7 /rfc2047.c | |
| parent | 8b8f3910520abb917a052ad66c1a526c1d097906 (diff) | |
| download | mblaze-1a1f01ecf9bf4521386905df87f2253a78e4ddc9.tar.gz mblaze-1a1f01ecf9bf4521386905df87f2253a78e4ddc9.tar.xz mblaze-1a1f01ecf9bf4521386905df87f2253a78e4ddc9.zip | |
rfc2047: blaze822_decode_qp: check bounds
Diffstat (limited to 'rfc2047.c')
| -rw-r--r-- | rfc2047.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/rfc2047.c b/rfc2047.c index 2b9dfc0..ed39084 100644 --- a/rfc2047.c +++ b/rfc2047.c @@ -38,8 +38,12 @@ blaze822_decode_qp(char *start, char *stop, char **deco, size_t *decleno) if (*s == '=' && s[1] == '\n') { s += 2; } else if (*s == '=' && s+2 < stop) { - *buf++ = (hex[s[1]] << 4) | hex[s[2]]; + unsigned char c1 = s[1]; + unsigned char c2 = s[2]; s += 3; + if (c1 > 127 || c2 > 127 || hex[c1] < 0 || hex[c2] < 0) + continue; + *buf++ = (hex[c1] << 4) | hex[c2]; } else if (*s == '_') { *buf++ = ' '; s++; |