Skip to content
Snippets Groups Projects
Commit 12a317ad authored by Stephan Bosch's avatar Stephan Bosch
Browse files

Implemented script name checking using the requirements specified in the ManageSieve draft.

parent d61ff631
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
TODO
+ 0
1
View file @ 12a317ad
......@@ -15,7 +15,6 @@ Next (in order of descending priority/precedence):
* Implement namespace support for variables extension (to complete include
extension)
* Update include extension to latest draft:
- Perform script name check
- Implement global namespace
- Allow placing the global command anywhere in the script
- Implement required ManageSieve behavior
......
src/lib-sieve/plugins/include/cmd-include.c
+ 2
2
View file @ 12a317ad
......@@ -226,9 +226,9 @@ static bool cmd_include_validate
script_name = sieve_ast_argument_strc(arg);
if ( strchr(script_name, '/') != NULL ) {
if ( !sieve_script_name_is_valid(script_name) ) {
sieve_argument_validate_error(valdtr, arg,
"include: '/' not allowed in script name (%s)",
"include: invalid script name '%s'",
str_sanitize(script_name, 80));
return FALSE;
}
......
src/lib-sieve/sieve-script.c
+ 48
0
View file @ 12a317ad
......@@ -3,6 +3,8 @@
#include "lib.h"
#include "compat.h"
#include "unichar.h"
#include "array.h"
#include "istream.h"
#include "eacces-error.h"
......@@ -21,6 +23,52 @@
#define SIEVE_READ_BLOCK_SIZE (1024*8)
/*
* Script name
*/
bool sieve_script_name_is_valid(const char *scriptname)
{
ARRAY_TYPE(unichars) uni_name;
unsigned int count, i;
const unichar_t *name_chars;
/* Intialize array for unicode characters */
t_array_init(&uni_name, strlen(scriptname)* 4);
/* Convert UTF-8 to UCS4/UTF-32 */
if ( uni_utf8_to_ucs4(scriptname, &uni_name) < 0 )
return FALSE;
/* Scan name for invalid characters */
name_chars = array_get(&uni_name, &count);
for ( i = 0; i < count; i++ ) {
/* 0000-001F; [CONTROL CHARACTERS] */
if ( name_chars[i] <= 0x001f )
return FALSE;
/* 002F; SLASH */
if ( name_chars[i] == 0x002f )
return FALSE;
/* 007F; DELETE */
if ( name_chars[i] == 0x007f )
return FALSE;
/* 0080-009F; [CONTROL CHARACTERS] */
if ( name_chars[i] >= 0x0080 && name_chars[i] <= 0x009f )
return FALSE;
/* 2028; LINE SEPARATOR */
/* 2029; PARAGRAPH SEPARATOR */
if ( name_chars[i] == 0x2028 || name_chars[i] == 0x2029 )
return FALSE;
}
return TRUE;
}
/*
* Filename to name/name to filename
*/
......
src/lib-sieve/sieve-script.h
+ 7
0
View file @ 12a317ad
......@@ -8,6 +8,13 @@
#include <sys/types.h>
/*
* Sieve script name
*/
bool sieve_script_name_is_valid(const char *scriptname);
/*
* Sieve script object
*/
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Consent

On this website, we use the web analytics service Matomo to analyze and review the use of our website. Through the collected statistics, we can improve our offerings and make them more appealing for you. Here, you can decide whether to allow us to process your data and set corresponding cookies for these purposes, in addition to technically necessary cookies. Further information on data protection—especially regarding "cookies" and "Matomo"—can be found in our privacy policy. You can withdraw your consent at any time.