| changeset 549: |
936f92576bda |
| parent 548: | 491e607fe710 |
| child 550: | 70df0d213af0 |
| author: |
Simon Horman <horms@verge.net.au> |
| date: |
Wed Oct 31 15:09:28 2007 +0900 (2 years ago) |
| files: |
ChangeLog perdition/imap4_in.c |
| description: |
Verify that tag read from end-users is valid |
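--- a/ChangeLog Mon Oct 29 15:48:47 2007 +0900
+++ b/ChangeLog Wed Oct 31 15:09:28 2007 +0900
@@ -12,6 +12,9 @@
 Thanks to Robert Edmonds
 (Debian Bug: #412151)
 - Don't dereference sockname in main() if it isn't intialised
+ - Verify that tag read from end-users is valid
+ - Various Debian packaging updates
+ - Fixed documentation of map_library. Thanks to Anand Kumria.
 
 22nd February 2007
 (Horms)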
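--- a/perdition/imap4_in.c Mon Oct 29 15:48:47 2007 +0900
+++ b/perdition/imap4_in.c Wed Oct 31 15:09:28 2007 +0900
@@ -276,6 +276,76 @@
 
 #endif /* WITH_PAM_SUPPORT */
 
+/**********************************************************************
+ * imap4_in_verify_tag_str
+ * Verify that a tag is valid
+ * Pre: tag: io_t to write to
+ * Return 0 on success
+ * -1 otherwise
+ **********************************************************************/
+
+/* Excerpts from rfc3501, Section 9. Formal Syntax
+ *
+ * The ASCII NUL character, %x00, MUST NOT be used at any time.
+ *
+ * tag = 1*<any ASTRING-CHAR except "+">
+ *
+ * ATOM-CHAR = <any CHAR except atom-specials>
+ *
+ * atom-specials = "(" / ")" / "{" / SP / CTL / list-wildcards /
+ * quoted-specials / resp-specials
+ *
+ * list-wildcards = "%" / "*"
+ *
+ * quoted-specials = DQUOTE / "\"
+ *
+ * resp-specials = "]"
+ *
+ * Excerpts from rfc2060, Section 9. Formal Syntax
+ *
+ * CHAR ::= <any 7-bit US-ASCII character except NUL,
+ * 0x01 - 0x7f>
+ *
+ * CTL ::= <any ASCII control character and DEL,
+ * 0x00 - 0x1f, 0x7f>
+ */
+
+static int imap4_in_verify_tag_str(const token_t *tag)
+{
+ unsigned char *tag_str;
+ size_t tag_str_len, i;
+
+ tag_str_len = token_len(tag);
+
+ if (!tag_str_len)
+ return -1;
+
+ tag_str = token_buf(tag);
+
+ for (i = 0; i < tag_str_len; i++) {
+ /* Must be ASCII, must not be a control character */
+ if (tag_str[i] <= 0x1f || tag_str[i] >= 0x7f)
+ return -1;
+ /* Must not be other reserved characters */
+ switch(tag_str[i]) {
+ case '\0':
+ case '(':
+ case ')':
+ case '{':
+ case ' ':
+ case '%':
+ case '*':
+ case '"':
+ case '\\':
+ case ']':
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
 
 /**********************************************************************
 * imap4_in_get_pw
@@ -341,15 +411,15 @@
 break;
 }
 
+ if (imap4_in_verify_tag_str(tag)) {
+ token_assign(tag, (unsigned char *)strdup(IMAP4_UNTAGGED),
+ strlen(IMAP4_UNTAGGED), 0);
+ __IMAP4_IN_BAD("Invalid tag, mate");
+ goto loop;
+ }
+
 if(token_is_eol(tag)){
- if(token_is_null(tag)){
- token_assign(tag, (unsigned char *)strdup(IMAP4_BAD),
- strlen(IMAP4_BAD), 0);
- __IMAP4_IN_BAD("Null tag, mate");
- }
- else {
- __IMAP4_IN_BAD("Missing command, mate");
- }
+ __IMAP4_IN_BAD("Missing command, mate");
 goto loop;
 }
 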
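Review bot: The switch in imap4_in_verify_tag_str does not reject `+`, although the RFC 3501 excerpt quoted directly above the function defines a tag as any ASTRING-CHAR except "+"; adding `case '+':` to the list closes that gap. It matters because `+` is the IMAP continuation-request prefix and the client-supplied tag is presumably echoed back in tagged responses, so a tag starting with it could be misparsed by whatever reads the proxied stream. The `case '\0':` arm is unreachable, since the range check just before the switch already returns for every byte at or below 0x1f. The header comment's `Pre: tag: io_t to write to` looks copied from another function and should read `Pre: tag: token to verify`. In the second hunk the result of `strdup(IMAP4_UNTAGGED)` is passed to token_assign unchecked, so an allocation failure would pair a NULL buffer with a non-zero length; the enclosing function starts and ends outside the hunk.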