diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-09-20 20:26:15 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-09-20 20:26:15 +0100 |
commit | 90848cca7a60e62a1644f714da9b8e0fa934e2e0 (patch) | |
tree | 2ef89db7bd7bd65d143e3391159e11cbf31c7797 | |
parent | cae3206e6d9b23ff9f4abe9177c473eb13646598 (diff) | |
download | rspamd-90848cca7a60e62a1644f714da9b8e0fa934e2e0.tar.gz rspamd-90848cca7a60e62a1644f714da9b8e0fa934e2e0.zip |
[Fix] Fix rubbish QP sequences decoding
-rw-r--r-- | src/libutil/str_util.c | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/src/libutil/str_util.c b/src/libutil/str_util.c index 6b0cc3b68..fc53a8711 100644 --- a/src/libutil/str_util.c +++ b/src/libutil/str_util.c @@ -2427,9 +2427,15 @@ decode: remain --; ret = 0; - if (c >= '0' && c <= '9') { ret = c - '0'; } - else if (c >= 'A' && c <= 'F') { ret = c - 'A' + 10; } - else if (c >= 'a' && c <= 'f') { ret = c - 'a' + 10; } + if (c >= '0' && c <= '9') { + ret = c - '0'; + } + else if (c >= 'A' && c <= 'F') { + ret = c - 'A' + 10; + } + else if (c >= 'a' && c <= 'f') { + ret = c - 'a' + 10; + } else if (c == '\r') { /* Eat one more endline */ if (remain > 0 && *p == '\n') { @@ -2445,9 +2451,13 @@ decode: } else { /* Hack, hack, hack, treat =<garbadge> as =<garbadge> */ - if (remain > 0) { + if (end - o > 1) { + *o++ = '='; *o++ = *(p - 1); } + else { + return (-1); + } continue; } @@ -2455,10 +2465,30 @@ decode: if (remain > 0) { c = *p++; ret *= 16; + remain --; - if (c >= '0' && c <= '9') { ret += c - '0'; } - else if (c >= 'A' && c <= 'F') { ret += c - 'A' + 10; } - else if (c >= 'a' && c <= 'f') { ret += c - 'a' + 10; } + if (c >= '0' && c <= '9') { + ret += c - '0'; + } + else if (c >= 'A' && c <= 'F') { + ret += c - 'A' + 10; + } + else if (c >= 'a' && c <= 'f') { + ret += c - 'a' + 10; + } + else { + /* Treat =<good><rubbish> as =<good><rubbish> */ + if (end - o > 2) { + *o++ = '='; + *o++ = *(p - 2); + *o++ = *(p - 1); + } + else { + return (-1); + } + + continue; + } if (end - o > 0) { *o++ = (gchar)ret; @@ -2466,8 +2496,6 @@ decode: else { return (-1); } - - remain --; } } else { |