lib-sieve: editheader extension: added runtime header field name verification.

69c22fa4 · Stephan Bosch · 01b034aa · 69c22fa4 · 69c22fa4
Commit 69c22fa4 authored 13 years ago by Stephan Bosch
--- a/src/lib-sieve/plugins/editheader/cmd-addheader.c
+++ b/src/lib-sieve/plugins/editheader/cmd-addheader.c
@@ -238,6 +238,17 @@ static int cmd_addheader_operation_execute
 		(renv, address, "value", &value)) <= 0 )
 		return ret;

+	/*
+	 * Verify arguments
+	 */
+
+	if ( !rfc2822_header_field_name_verify
+		(str_c(field_name), str_len(field_name)) ) {
+		sieve_runtime_error(renv, NULL, "specified field name `%s' is invalid",
+			str_sanitize(str_c(field_name), 80));
+		return SIEVE_EXEC_FAILURE;
+	}
+
 	/*
 	 * Perform operation
 	 */

--- a/src/lib-sieve/plugins/editheader/cmd-deleteheader.c
+++ b/src/lib-sieve/plugins/editheader/cmd-deleteheader.c
@@ -425,6 +425,17 @@ static int cmd_deleteheader_operation_execute
 		(renv, &oprnd, address, "value-patterns", &vpattern_list)) <= 0 )
 		return ret;
 	
+	/*
+	 * Verify arguments
+	 */
+
+	if ( !rfc2822_header_field_name_verify
+		(str_c(field_name), str_len(field_name)) ) {
+		sieve_runtime_error(renv, NULL, "specified field name `%s' is invalid",
+			str_sanitize(str_c(field_name), 80));
+		return SIEVE_EXEC_FAILURE;
+	}
+
 	/*
 	 * Execute command
 	 */