rfc2047: blaze822_decode_rfc2047: don't decode encoded-words that contain NUL bytes

This is a lax interpretation of RFC 2047, 4.5: > Only printable and white space character data should be encoded using > this scheme. However, since these encoding schemes allow the > encoding of arbitrary octet values, mail readers that implement this > decoding should also ensure that display of the decoded data on the > recipient's terminal will not cause unwanted side-effects. Since many of the code that deals with header values does not support inline NUL bytes, it's best to not decode them here. We check for this after iconv, so quoted-printable UTF-32 e.g. should be safe. Also see https://www.mailsploit.com/
7 years ago · ba4a0cf589
parent 4d40475364
commit ba4a0cf589
1 changed files with 4 additions and 1 deletions
--- a/rfc2047.c
+++ b/rfc2047.c
@ -132,7 +132,7 @@ blaze822_decode_rfc2047(char *dst, char *src, size_t dlen, char *tgtenc)

 	char *b = src;

-	// use memmem
+	// XXX use memmem
 	char *s = strstr(src, "=?");
 	if (!s)
 		goto nocodeok;
@ -233,6 +233,9 @@ blaze822_decode_rfc2047(char *dst, char *src, size_t dlen, char *tgtenc)
 			}
 		}

+		if (memchr(dst, 0, dlen))
+			goto nocode;
+
 		while (!partial && declen && dlen) {
 			*dst++ = *dec++;
 			declen--;