Skip to content
Snippets Groups Projects
Commit 16e047c5 authored by Timo Sirainen's avatar Timo Sirainen
Browse files

lib-managesieve: Don't accept strings with NULs 

ManageSieve doesn't allow NULs in strings.

This fixes a bug with unescaping a string with NULs: str_unescape() could
have been called for memory that points outside the allocated string,
causing heap corruption. This could cause crashes or theoretically even
result in remote code execution exploit.

Found by Nick Roessler and Rafi Rubin
parent 5cd8cfc1
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
src/lib-managesieve/managesieve-parser.c
+ 5
0
View file @ 16e047c5
......@@ -258,6 +258,11 @@ managesieve_parser_read_string(struct managesieve_parser *parser,
break;
}
if (data[i] == '\0') {
parser->error = "NULs not allowed in strings";
return FALSE;
}
if (data[i] == '\\') {
if (i+1 == data_size) {
/* known data ends with '\' - leave it to
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Consent

On this website, we use the web analytics service Matomo to analyze and review the use of our website. Through the collected statistics, we can improve our offerings and make them more appealing for you. Here, you can decide whether to allow us to process your data and set corresponding cookies for these purposes, in addition to technically necessary cookies. Further information on data protection—especially regarding "cookies" and "Matomo"—can be found in our privacy policy. You can withdraw your consent at any time.