commit 90848cc: [Fix] Fix rubbish QP sequences decoding
Vsevolod Stakhov
vsevolod at highsecure.ru
Mon Sep 20 19:28:05 UTC 2021
Author: Vsevolod Stakhov
Date: 2021-09-20 20:26:15 +0100
URL: https://github.com/rspamd/rspamd/commit/90848cca7a60e62a1644f714da9b8e0fa934e2e0 (HEAD -> master)
[Fix] Fix rubbish QP sequences decoding
---
src/libutil/str_util.c | 46 +++++++++++++++++++++++++++++++++++++---------
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/src/libutil/str_util.c b/src/libutil/str_util.c
index 6b0cc3b68..fc53a8711 100644
--- a/src/libutil/str_util.c
+++ b/src/libutil/str_util.c
@@ -2427,9 +2427,15 @@ decode:
remain --;
ret = 0;
- if (c >= '0' && c <= '9') { ret = c - '0'; }
- else if (c >= 'A' && c <= 'F') { ret = c - 'A' + 10; }
- else if (c >= 'a' && c <= 'f') { ret = c - 'a' + 10; }
+ if (c >= '0' && c <= '9') {
+ ret = c - '0';
+ }
+ else if (c >= 'A' && c <= 'F') {
+ ret = c - 'A' + 10;
+ }
+ else if (c >= 'a' && c <= 'f') {
+ ret = c - 'a' + 10;
+ }
else if (c == '\r') {
/* Eat one more endline */
if (remain > 0 && *p == '\n') {
@@ -2445,9 +2451,13 @@ decode:
}
else {
/* Hack, hack, hack, treat =<garbadge> as =<garbadge> */
- if (remain > 0) {
+ if (end - o > 1) {
+ *o++ = '=';
*o++ = *(p - 1);
}
+ else {
+ return (-1);
+ }
continue;
}
@@ -2455,10 +2465,30 @@ decode:
if (remain > 0) {
c = *p++;
ret *= 16;
+ remain --;
- if (c >= '0' && c <= '9') { ret += c - '0'; }
- else if (c >= 'A' && c <= 'F') { ret += c - 'A' + 10; }
- else if (c >= 'a' && c <= 'f') { ret += c - 'a' + 10; }
+ if (c >= '0' && c <= '9') {
+ ret += c - '0';
+ }
+ else if (c >= 'A' && c <= 'F') {
+ ret += c - 'A' + 10;
+ }
+ else if (c >= 'a' && c <= 'f') {
+ ret += c - 'a' + 10;
+ }
+ else {
+ /* Treat =<good><rubbish> as =<good><rubbish> */
+ if (end - o > 2) {
+ *o++ = '=';
+ *o++ = *(p - 2);
+ *o++ = *(p - 1);
+ }
+ else {
+ return (-1);
+ }
+
+ continue;
+ }
if (end - o > 0) {
*o++ = (gchar)ret;
@@ -2466,8 +2496,6 @@ decode:
else {
return (-1);
}
-
- remain --;
}
}
else {
More information about the Commits
mailing list