@@ -2088,6 +2088,10 @@ rspamd_decode_qp_buf (const gchar *in, gsize inlen, | |||
if (end - o > 0) { | |||
*o++ = *p; | |||
} | |||
else { | |||
/* Buffer overflow */ | |||
return (-1); | |||
} | |||
break; | |||
} | |||
@@ -2149,9 +2153,29 @@ decode: | |||
processed = pos - o; | |||
remain -= processed; | |||
p += processed; | |||
o = pos - 1; | |||
/* Skip comparison, as we know that we have found match */ | |||
goto decode; | |||
if (remain > 0) { | |||
o = pos - 1; | |||
/* | |||
* Skip comparison and jump inside decode branch, | |||
* as we know that we have found match | |||
*/ | |||
goto decode; | |||
} | |||
else { | |||
/* Last '=' character, bugon */ | |||
o = pos; | |||
if (end - o > 0) { | |||
*o = '='; | |||
} | |||
else { | |||
/* Buffer overflow */ | |||
return (-1); | |||
} | |||
break; | |||
} | |||
} | |||
} | |||
else { |
@@ -95,6 +95,24 @@ context("Quoted-Printable encoding", function() | |||
assert_rspamd_eq(res) | |||
end) | |||
end | |||
-- Decode issues | |||
cases = { | |||
{ | |||
'Mailscape External Mail Flow Outbound Test=', | |||
'Mailscape External Mail Flow Outbound Test=', | |||
'asan found' | |||
}, | |||
} | |||
for _,c in ipairs(cases) do | |||
test("QP decoding test case: " .. c[3], function() | |||
local res = { | |||
expect = c[2], | |||
actual = tostring(rspamd_util.decode_qp(c[1])) | |||
} | |||
assert_rspamd_eq(res) | |||
end) | |||
end | |||
-- Fuzz testing | |||
local charset = {} | |||
@@ -109,7 +127,6 @@ context("Quoted-Printable encoding", function() | |||
end | |||
end | |||
for _,l in ipairs({10, 100, 1000, 10000}) do | |||
test("QP fuzz test max length " .. tostring(l), function() | |||
for _=1,100 do |