From 3230382e9b69a2627ea78a6f62a2632a72ca7a5a Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Fri, 12 Dec 2008 19:40:27 +0100
Subject: [PATCH] Enotify: added verification of header field names in mailto
 url.

---
 Makefile.am                                   |  1 +
 src/lib-sieve/plugins/enotify/ntfy-mailto.c   | 20 ++++++++++++--
 tests/extensions/enotify/errors.svtest        | 26 +++++++++++++++++++
 .../enotify/errors/url-mailto.sieve           |  5 ++++
 tests/extensions/enotify/errors/url.sieve     |  5 ++++
 5 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 tests/extensions/enotify/errors.svtest
 create mode 100644 tests/extensions/enotify/errors/url-mailto.sieve
 create mode 100644 tests/extensions/enotify/errors/url.sieve

diff --git a/Makefile.am b/Makefile.am
index a761fde6a..c5794b9a7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,6 +24,7 @@ if BUILD_ENOTIFY
 ENOTIFY_TESTS = \
 	tests/extensions/enotify/basic.svtest \
 	tests/extensions/enotify/encodeurl.svtest \
+	tests/extensions/enotify/errors.svtest \
 	tests/extensions/enotify/execute.svtest
 endif
 
diff --git a/src/lib-sieve/plugins/enotify/ntfy-mailto.c b/src/lib-sieve/plugins/enotify/ntfy-mailto.c
index 7ce3873b5..6657f388a 100644
--- a/src/lib-sieve/plugins/enotify/ntfy-mailto.c
+++ b/src/lib-sieve/plugins/enotify/ntfy-mailto.c
@@ -49,7 +49,7 @@ const struct sieve_enotify_method mailto_notify = {
 /* FIXME: much of this implementation will be common to other URI schemes. This
  *        should be merged into a common implementation.
  */
-
+ 
 static inline int _decode_hex_digit(char digit)
 {
 	switch ( digit ) {
@@ -114,6 +114,8 @@ static bool _uri_parse_recipients
 				recipient = str_c(to);
 				
 				/* Verify recipient */
+			
+				// FIXME ....
 				
 				/* Add recipient to the list */
 				if ( recipients_r != NULL ) {
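Review bot: The decoded recipient from `str_c(to)` is still appended to the list with no validation, and the bare `// FIXME ....` added here (and again in the next hunk, under the second "Verify recipient" comment) does not say what check is missing. Since the value comes from a script-supplied URL after percent-decoding, it should at least be checked as a well-formed address before it reaches the list. Until that is written, make the marker actionable and match the file's comment style, e.g. `/* FIXME: verify that the decoded recipient is a valid RFC 2822 address before adding it */`. `_uri_parse_recipients` starts and ends outside both hunks, so whether a later stage validates the address is not visible here.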
@@ -141,7 +143,7 @@ static bool _uri_parse_recipients
 	
 	/* Verify recipient */
 
-	// ....
+	// FIXME ....
 		
 	if ( recipients_r != NULL ) {
 		/* Add recipient to the list */
@@ -192,11 +194,19 @@ static bool _uri_parse_headers
 		}
 		if ( *p != '\0' ) p++;
 
+		/* Verify field name */
+		if ( !rfc2822_header_field_name_verify(str_c(field), str_len(field)) ) {
+			*error_r = "invalid header field name";
+			return FALSE;
+		}
+
+		/* Add new header field to array and assign its name */
 		if ( headers_r != NULL ) {
 			hdrf = array_append_space(&headers);
 			hdrf->name = t_strdup(str_c(field));
 		}
 		
+		/* Reset for body */
 		str_truncate(field, 0);
 		
 		/* Parse field body */		
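Review bot: The added `rfc2822_header_field_name_verify(str_c(field), str_len(field))` check only establishes that the decoded name is syntactically valid, so any well-formed field name in the mailto URL is still accepted and stored in `hdrf->name`. That includes fields the notification sender would normally set itself; a reserved-name filter (case-insensitive compare against a short list, applied right after the syntax check) looks like the natural follow-up. Until then the comment should state the limit, e.g. `/* Verify field name (syntax only; reserved field names are not filtered yet) */`. The fixed string `"invalid header field name"` also does not identify which field was rejected, which makes script errors harder to act on. The rest of `_uri_parse_headers` is outside the hunk.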
@@ -215,6 +225,12 @@ static bool _uri_parse_headers
 		}
 		if ( *p != '\0' ) p++;
 		
+		/* Verify field body */
+		
+		// FIXME ....
+		
+		/* Assign field body */
+		
 		if ( headers_r != NULL ) {
 			hdrf->body = t_strdup(str_c(field));
 			str_truncate(field, 0);
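Review bot: The field body is copied into `hdrf->body` straight after percent-decoding, with only `// FIXME ....` where the verification should be, so the name is now checked but the value is not. If the decoder can yield CR, LF or NUL bytes (the decoding loop is outside this hunk, so this is inferred), a body taken from the URL could add extra header lines to the outgoing notification or be silently truncated by `t_strdup`. A conservative interim check that rejects those bytes would close the gap until full RFC 2822 body validation is written; it is stricter than the grammar requires because it also refuses folded values. The sketch below only uses `str_c`/`str_len` as already used in this function.

```c
		/* Verify field body: reject raw line breaks and NUL after decoding */
		{
			const char *body = str_c(field);
			size_t len = str_len(field), i;

			for ( i = 0; i < len; i++ ) {
				if ( body[i] == '\r' || body[i] == '\n' || body[i] == '\0' ) {
					*error_r = "invalid header field body";
					return FALSE;
				}
			}
		}

		/* … unchanged: assign field body to hdrf->body … */
```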
diff --git a/tests/extensions/enotify/errors.svtest b/tests/extensions/enotify/errors.svtest
new file mode 100644
index 000000000..40fb6d1eb
--- /dev/null
+++ b/tests/extensions/enotify/errors.svtest
@@ -0,0 +1,26 @@
+require "vnd.dovecot.testsuite";
+require "comparator-i;ascii-numeric";
+require "relational";
+
+require "enotify";
+
+
+test "Invalid URL (FIXME: count only)" {
+	if test_compile "errors/url.sieve" {
+		test_fail "compile should have failed";
+	}
+
+	if not test_error :count "eq" :comparator "i;ascii-numeric" "2" {
+		test_fail "wrong number of errors reported";
+	}
+}
+
+test "Invalid mailto URL (FIXME: count only)" {
+	if test_compile "errors/url-mailto.sieve" {
+		test_fail "compile should have failed";
+	}
+
+	if not test_error :count "eq" :comparator "i;ascii-numeric" "2" {
+		test_fail "wrong number of errors reported";
+	}
+}
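Review bot: Both tests assert only that exactly "2" errors were reported, while each fixture script marks a single error, so the reason for the second error is not documented and the tests would keep passing if compilation failed for an unrelated reason. Presumably the extra error is a final summary message from the compiler; a comment such as `# 2 = the error marked in the script + the final validation-failed summary (confirm)` would make the number reviewable. Once the testsuite can match error text, the mailto case should pin the "invalid header field name" message so that the new check is what the test actually exercises.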
diff --git a/tests/extensions/enotify/errors/url-mailto.sieve b/tests/extensions/enotify/errors/url-mailto.sieve
new file mode 100644
index 000000000..5a4d32f6c
--- /dev/null
+++ b/tests/extensions/enotify/errors/url-mailto.sieve
@@ -0,0 +1,5 @@
+require "enotify";
+
+# 1: Invalid header name 
+notify "mailto:stephan@rename-it.nl?header:=frop";
+
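Review bot: The fixture covers only one malformed name (`header:`), written literally in the URL, although the new verification in ntfy-mailto.c runs on the percent-decoded name. A second case whose invalid character only appears after decoding would confirm that the check is applied to the decoded value, for example (constructed sample) `notify "mailto:stephan@rename-it.nl?he%20ader=frop";`. The expected count in errors.svtest would have to be raised to match.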
diff --git a/tests/extensions/enotify/errors/url.sieve b/tests/extensions/enotify/errors/url.sieve
new file mode 100644
index 000000000..06e86d764
--- /dev/null
+++ b/tests/extensions/enotify/errors/url.sieve
@@ -0,0 +1,5 @@
+require "enotify";
+
+# 1: Invalid url scheme
+notify "snailto:stephan@rename-it.nl";
+
-- 
GitLab