authorLeah Neukirchen <leah@vuxu.org>2017-12-05 16:59:31 +0100
committerLeah Neukirchen <leah@vuxu.org>2017-12-05 16:59:31 +0100
commitba4a0cf589d4465d5217cc24b4d3dd0857f6cb0e (patch)
parent4d404753642db08df0d86876845b96ba0ea3b0c5 (diff)
rfc2047: blaze822_decode_rfc2047: don't decode encoded-words that contain NUL bytes
This is a lax interpretation of RFC 2047, 4.5: > Only printable and white space character data should be encoded using > this scheme. However, since these encoding schemes allow the > encoding of arbitrary octet values, mail readers that implement this > decoding should also ensure that display of the decoded data on the > recipient's terminal will not cause unwanted side-effects. Since much of the code that deals with header values does not support inline NUL bytes, it's best to not decode them here. We check for this after iconv, so e.g. quoted-printable UTF-32 should be safe. Also see https://www.mailsploit.com/
1 files changed, 4 insertions, 1 deletions
diff --git a/rfc2047.c b/rfc2047.c
index c152922..ab65772 100644
--- a/rfc2047.c
+++ b/rfc2047.c
@@ -132,7 +132,7 @@ blaze822_decode_rfc2047(char *dst, char *src, size_t dlen, char *tgtenc)
char *b = src;
- // use memmem
+ // XXX use memmem
char *s = strstr(src, "=?");
if (!s)
goto nocodeok;
@@ -233,6 +233,9 @@ blaze822_decode_rfc2047(char *dst, char *src, size_t dlen, char *tgtenc)
+ if (memchr(dst, 0, dlen))
+ goto nocode;
while (!partial && declen && dlen) {
*dst++ = *dec++;