lib-http: harden payload tests against dodgy filenames

Tests use files from readdir() as input, but do no sanitation of the
names, and therefore things like editor temp files can cause havoc
with the HTTP request parser.

The solution is to trap dodgy characters in the filenames, and ignore
those files. Initially, trap HTTP's "unsafe" and "reserved" characters.

Signed-off-by: Phil Carmody <phil@dovecot.fi>

diff --git a/src/lib-http/test-http-payload.c b/src/lib-http/test-http-payload.c
index 3083aca1442a766ae025487f0f0cb38ccf07152f..e51dd0843a847bcc532fa87086c4b3f72900003c 100644 (file)
--- a/src/lib-http/test-http-payload.c
+++ b/src/lib-http/test-http-payload.c
@@ -67,6 +67,7 @@ static unsigned ioloop_nested_depth = 0;
 /*
  * Test files
  */
+static const char unsafe_characters[] = "\"<>#%{}|\\^~[]` ;/?:@=&";
 
 static ARRAY_TYPE(const_string) files;
 static pool_t files_pool;
@@ -92,7 +93,8 @@ static void test_files_read_dir(const char *path)
                errno = 0;
                if ((dp=readdir(dirp)) == NULL)
                        break;
-               if (*dp->d_name == '.')
+               if (*dp->d_name == '.' ||
+                   dp->d_name[strcspn(dp->d_name, unsafe_characters)] != '\0')
                        continue;
 
                file = t_abspath_to(dp->d_name, path);