Enotify: added verification of header field names in mailto url.

3230382e · Stephan Bosch · c4c589b1 · 3230382e · 3230382e · 3230382e
Commit 3230382e authored 16 years ago by Stephan Bosch
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,6 +24,7 @@ if BUILD_ENOTIFY
 ENOTIFY_TESTS = \
 	tests/extensions/enotify/basic.svtest \
 	tests/extensions/enotify/encodeurl.svtest \
+	tests/extensions/enotify/errors.svtest \
 	tests/extensions/enotify/execute.svtest
 endif


--- a/src/lib-sieve/plugins/enotify/ntfy-mailto.c
+++ b/src/lib-sieve/plugins/enotify/ntfy-mailto.c
@@ -49,7 +49,7 @@ const struct sieve_enotify_method mailto_notify = {
 /* FIXME: much of this implementation will be common to other URI schemes. This
 *        should be merged into a common implementation.
 */
-
+ 
 static inline int _decode_hex_digit(char digit)
 {
 	switch ( digit ) {
@@ -114,6 +114,8 @@ static bool _uri_parse_recipients
 				recipient = str_c(to);
 				
 				/* Verify recipient */
+			
+				// FIXME ....
 				
 				/* Add recipient to the list */
 				if ( recipients_r != NULL ) {
@@ -141,7 +143,7 @@ static bool _uri_parse_recipients
 	
 	/* Verify recipient */

-	// ....
+	// FIXME ....
 		
 	if ( recipients_r != NULL ) {
 		/* Add recipient to the list */
@@ -192,11 +194,19 @@ static bool _uri_parse_headers
 		}
 		if ( *p != '\0' ) p++;

+		/* Verify field name */
+		if ( !rfc2822_header_field_name_verify(str_c(field), str_len(field)) ) {
+			*error_r = "invalid header field name";
+			return FALSE;
+		}
+
+		/* Add new header field to array and assign its name */
 		if ( headers_r != NULL ) {
 			hdrf = array_append_space(&headers);
 			hdrf->name = t_strdup(str_c(field));
 		}
 		
+		/* Reset for body */
 		str_truncate(field, 0);
 		
 		/* Parse field body */		
@@ -215,6 +225,12 @@ static bool _uri_parse_headers
 		}
 		if ( *p != '\0' ) p++;
 		
+		/* Verify field body */
+		
+		// FIXME ....
+		
+		/* Assign field body */
+		
 		if ( headers_r != NULL ) {
 			hdrf->body = t_strdup(str_c(field));
 			str_truncate(field, 0);

--- a/tests/extensions/enotify/errors.svtest
+++ b/tests/extensions/enotify/errors.svtest
+require "vnd.dovecot.testsuite";
+require "comparator-i;ascii-numeric";
+require "relational";
+
+require "enotify";
+
+
+test "Invalid URL (FIXME: count only)" {
+	if test_compile "errors/url.sieve" {
+		test_fail "compile should have failed";
+	}
+
+	if not test_error :count "eq" :comparator "i;ascii-numeric" "2" {
+		test_fail "wrong number of errors reported";
+	}
+}
+
+test "Invalid mailto URL (FIXME: count only)" {
+	if test_compile "errors/url-mailto.sieve" {
+		test_fail "compile should have failed";
+	}
+
+	if not test_error :count "eq" :comparator "i;ascii-numeric" "2" {
+		test_fail "wrong number of errors reported";
+	}
+}
--- a/tests/extensions/enotify/errors/url-mailto.sieve
+++ b/tests/extensions/enotify/errors/url-mailto.sieve
+require "enotify";
+
+# 1: Invalid header name 
+notify "mailto:stephan@rename-it.nl?header:=frop";
+
--- a/tests/extensions/enotify/errors/url.sieve
+++ b/tests/extensions/enotify/errors/url.sieve
+require "enotify";
+
+# 1: Invalid url scheme
+notify "snailto:stephan@rename-it.nl";
+