diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-02-07 15:47:56 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-02-07 15:47:56 +0000 |
commit | b0ffaff883afd82f04420e5cf3e7ae45b90c5acf (patch) | |
tree | 6a9d437bad7f90b500f3a340a28a7a3703710225 /src | |
parent | 11034d766c94f50f7c21ab6e9cffb07da736ea8f (diff) | |
download | rspamd-b0ffaff883afd82f04420e5cf3e7ae45b90c5acf.tar.gz rspamd-b0ffaff883afd82f04420e5cf3e7ae45b90c5acf.zip |
[Fix] Fix processing of null bytes in headers
Issue: #2742
Diffstat (limited to 'src')
-rw-r--r-- | src/libmime/mime_headers.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/src/libmime/mime_headers.c b/src/libmime/mime_headers.c index ec3d87e8a..20c1e2ee9 100644 --- a/src/libmime/mime_headers.c +++ b/src/libmime/mime_headers.c @@ -159,6 +159,7 @@ rspamd_mime_header_add (struct rspamd_task *task, } } + /* Convert raw headers to a list of struct raw_header * */ void rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, @@ -202,7 +203,7 @@ rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, sizeof (struct rspamd_mime_header)); l = p - c; tmp = rspamd_mempool_alloc (task->task_pool, l + 1); - rspamd_strlcpy (tmp, c, l + 1); + rspamd_null_safe_copy (c, l, tmp, l + 1); nh->name = tmp; nh->empty_separator = TRUE; nh->raw_value = c; @@ -251,7 +252,7 @@ rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, l = p - c; if (l > 0) { tmp = rspamd_mempool_alloc (task->task_pool, l + 1); - rspamd_strlcpy (tmp, c, l + 1); + rspamd_null_safe_copy (c, l, tmp, l + 1); nh->separator = tmp; } next_state = 3; @@ -263,7 +264,7 @@ rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, l = p - c; if (l >= 0) { tmp = rspamd_mempool_alloc (task->task_pool, l + 1); - rspamd_strlcpy (tmp, c, l + 1); + rspamd_null_safe_copy (c, l, tmp, l + 1); nh->separator = tmp; } c = p; @@ -297,6 +298,12 @@ rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, break; case 4: /* Copy header's value */ + + /* + * XXX: + * The original decision to use here null terminated + * strings was extremely poor! + */ l = p - c; tmp = rspamd_mempool_alloc (task->task_pool, l + 1); tp = tmp; @@ -310,7 +317,12 @@ rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, *tp++ = ' '; } else { - *tp++ = *c++; + if (*c != '\0') { + *tp++ = *c++; + } + else { + c++; + } } } else if (t_state == 1) { @@ -320,7 +332,12 @@ rspamd_mime_headers_process (struct rspamd_task *task, GHashTable *target, } else { t_state = 0; - *tp++ = *c++; + if (*c != '\0') { + *tp++ = *c++; + } + else { + c++; + } } } } |