From 69c22fa4f132c8ebc08d6b697feb3077c4f6bf44 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan@rename-it.nl>
Date: Sat, 26 Nov 2011 11:11:02 +0100
Subject: [PATCH] lib-sieve: editheader extension: added runtime header field
 name verification.

---
 src/lib-sieve/plugins/editheader/cmd-addheader.c    | 11 +++++++++++
 src/lib-sieve/plugins/editheader/cmd-deleteheader.c | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/src/lib-sieve/plugins/editheader/cmd-addheader.c b/src/lib-sieve/plugins/editheader/cmd-addheader.c
index f6ec46aa8..63ad91eb4 100644
--- a/src/lib-sieve/plugins/editheader/cmd-addheader.c
+++ b/src/lib-sieve/plugins/editheader/cmd-addheader.c
@@ -238,6 +238,17 @@ static int cmd_addheader_operation_execute
 		(renv, address, "value", &value)) <= 0 )
 		return ret;
 
+	/*
+	 * Verify arguments
+	 */
+
+	if ( !rfc2822_header_field_name_verify
+		(str_c(field_name), str_len(field_name)) ) {
+		sieve_runtime_error(renv, NULL, "specified field name `%s' is invalid",
+			str_sanitize(str_c(field_name), 80));
+		return SIEVE_EXEC_FAILURE;
+	}
+
 	/*
 	 * Perform operation
 	 */
diff --git a/src/lib-sieve/plugins/editheader/cmd-deleteheader.c b/src/lib-sieve/plugins/editheader/cmd-deleteheader.c
index 7f4a687ea..36929b475 100644
--- a/src/lib-sieve/plugins/editheader/cmd-deleteheader.c
+++ b/src/lib-sieve/plugins/editheader/cmd-deleteheader.c
@@ -425,6 +425,17 @@ static int cmd_deleteheader_operation_execute
 		(renv, &oprnd, address, "value-patterns", &vpattern_list)) <= 0 )
 		return ret;
 	
+	/*
+	 * Verify arguments
+	 */
+
+	if ( !rfc2822_header_field_name_verify
+		(str_c(field_name), str_len(field_name)) ) {
+		sieve_runtime_error(renv, NULL, "specified field name `%s' is invalid",
+			str_sanitize(str_c(field_name), 80));
+		return SIEVE_EXEC_FAILURE;
+	}
+
 	/*
 	 * Execute command
 	 */
-- 
GitLab