From 5a71e7be275cc015900b10bbd8f72e37813752df Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Tue, 6 Mar 2018 23:52:40 +0100
Subject: [PATCH] lib-sieve: Do not allow UTF-8 in localpart in addresses
 parsed from Sieve script.

---
 src/lib-sieve/sieve-address.c          | 16 +++++++++++++++-
 tests/compile/errors.svtest            |  2 +-
 tests/compile/errors/out-address.sieve |  1 +
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/lib-sieve/sieve-address.c b/src/lib-sieve/sieve-address.c
index 94c94400c..23277fca5 100644
--- a/src/lib-sieve/sieve-address.c
+++ b/src/lib-sieve/sieve-address.c
@@ -265,6 +265,20 @@ static inline void sieve_address_error
  *          MERGE!
  */
 
+static int check_local_part(struct sieve_message_address_parser *ctx)
+{
+	const unsigned char *p, *pend;
+
+	p = str_data(ctx->local_part);
+	pend = p + str_len(ctx->local_part);
+	while (p < pend) {
+		if (*p < 0x20 || *p > 0x7e)
+			return -1;
+		p++;
+	}
+	return 0;
+}
+
 static int parse_local_part(struct sieve_message_address_parser *ctx)
 {
 	int ret;
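Review bot: check_local_part() has no comment stating which bytes it accepts or why, and the bounds `0x20` and `0x7e` are bare literals. A header such as `/* Accept only printable US-ASCII (0x20..0x7e) in the parsed local part; UTF-8 and control bytes are rejected. */` would make the policy reviewable at a glance. The function only reads through `ctx`, so the parameter could be `const struct sieve_message_address_parser *ctx`, provided str_data() and str_len() accept a const string here. Only the `> 0x7e` side is exercised by the case added to out-address.sieve; whether a byte below 0x20 can reach `local_part` at all depends on parser code outside this hunk. parse_local_part(), whose first lines close the hunk, continues beyond it.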
@@ -302,7 +316,7 @@ static int parse_local_part(struct sieve_message_address_parser *ctx)
 		} while (ret > 0 && *ctx->parser.data == '.');
 	}
 
-	if (ret < 0) {
+	if (ret < 0 || check_local_part(ctx) < 0) {
 		sieve_address_error(ctx, "invalid local part");
 		return -1;
 	}
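Review bot: A script author who writes a non-ASCII local part gets the same `invalid local part` message as for a syntax error, because the new check is folded into the existing `ret < 0` condition. Reporting it from its own branch, guarded by `if (ret >= 0 && check_local_part(ctx) < 0)` and calling `sieve_address_error(ctx, "local part contains non-ASCII or control characters");` before `return -1;`, would tell the user what to change. The count-only assertion in errors.svtest would still see a single error for that address. parse_local_part() begins before this hunk and the loop feeding `ret` is only partly visible, so this assumes `local_part` holds the complete parsed value whenever `ret >= 0`.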
diff --git a/tests/compile/errors.svtest b/tests/compile/errors.svtest
index 64065079e..a5aa212dc 100644
--- a/tests/compile/errors.svtest
+++ b/tests/compile/errors.svtest
@@ -307,7 +307,7 @@ test "Outgoing address errors (FIXME: count only)" {
 		test_fail "compile should have failed.";
 	}
 
-	if not test_error :count "eq" :comparator "i;ascii-numeric" "15" {
+	if not test_error :count "eq" :comparator "i;ascii-numeric" "16" {
 		test_fail "wrong number of errors reported";
 	}
 }
diff --git a/tests/compile/errors/out-address.sieve b/tests/compile/errors/out-address.sieve
index 7880e0eca..3e39599c8 100644
--- a/tests/compile/errors/out-address.sieve
+++ b/tests/compile/errors/out-address.sieve
@@ -15,6 +15,7 @@ redirect "Error <stephan";
 redirect "Error <stephan@";
 redirect "stephan@example.org,tss@example.net";
 redirect "stephan@example.org,%&^&!!~";
+redirect "rüdiger@example.com";
 
 vacation :from "Error" "Ik ben er niet.";
 
-- 
GitLab