[Fix] Check decoded headers sanity (e.g. by excluding \0)

MFH: rspamd-1.6
author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-12-06 20:25:42 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-12-06 20:28:56 +0000
commit: 8c7d0392ac2850820cfebbb1dfd9636215d8cc18 (patch)
tree: 036e56dc5994777895779daeda157b43d82f1648 /src/libmime/mime_headers.c
parent: d7442a934fa1c66c1954ec103cf66f6a80ede16b (diff)
download: rspamd-8c7d0392ac2850820cfebbb1dfd9636215d8cc18.tar.gz
rspamd-8c7d0392ac2850820cfebbb1dfd9636215d8cc18.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/src/libmime/mime_headers.c b/src/libmime/mime_headers.c
index 95f8d9ba6..be83025f5 100644
--- a/src/libmime/mime_headers.c
+++ b/src/libmime/mime_headers.c
@@ -507,6 +507,20 @@ rspamd_mime_header_maybe_save_token (rspamd_mempool_t *pool, GString *out,
 	memcpy (old_charset, new_charset, sizeof (*old_charset));
 }
 
+static void
+rspamd_mime_header_sanity_check (GString *str)
+{
+	gsize i;
+	gchar t;
+
+	for (i = 0; i < str->len; i ++) {
+		t = str->str[i];
+		if (!((t & 0x80) || g_ascii_isgraph (t) || t == ' ')) {
+			str->str[i] = '?';
+		}
+	}
+}
+
 gchar *
 rspamd_mime_header_decode (rspamd_mempool_t *pool, const gchar *in,
 		gsize inlen)
@@ -685,6 +699,7 @@ rspamd_mime_header_decode (rspamd_mempool_t *pool, const gchar *in,
 
 	g_byte_array_free (token, TRUE);
 	g_byte_array_free (decoded, TRUE);
+	rspamd_mime_header_sanity_check (out);
 	ret = g_string_free (out, FALSE);
 	rspamd_mempool_add_destructor (pool, g_free, ret);
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-12-06 20:25:42 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-12-06 20:28:56 +0000
commit	8c7d0392ac2850820cfebbb1dfd9636215d8cc18 (patch)
tree	036e56dc5994777895779daeda157b43d82f1648 /src/libmime/mime_headers.c
parent	d7442a934fa1c66c1954ec103cf66f6a80ede16b (diff)
download	rspamd-8c7d0392ac2850820cfebbb1dfd9636215d8cc18.tar.gz rspamd-8c7d0392ac2850820cfebbb1dfd9636215d8cc18.zip