From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 25 Oct 2019 16:56:32 +0000 (+0100)
Subject: [Fix] Uuencode: Fix parsing of corrupted uuencode
X-Git-Tag: 2.1~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75ad544ef49c646a02b9bddd434eb8d831ca487d;p=thirdparty%2Frspamd.git

[Fix] Uuencode: Fix parsing of corrupted uuencode
---

diff --git a/src/libmime/mime_parser.c b/src/libmime/mime_parser.c
index e11b59e347..21374e2495 100644
--- a/src/libmime/mime_parser.c
+++ b/src/libmime/mime_parser.c
@@ -568,11 +568,11 @@ rspamd_mime_parse_normal_part (struct rspamd_task *task,
 			part->parsed_data.len = parsed->len;
 		}
 		else {
-			msg_err_task ("invalid quoted-printable encoded part, assume 8bit");
+			msg_err_task ("invalid uuencoding in encoded part, assume 8bit");
 			part->ct->flags |= RSPAMD_CONTENT_TYPE_BROKEN;
 			part->cte = RSPAMD_CTE_8BIT;
-			memcpy (parsed->str, part->raw_data.begin, part->raw_data.len);
-			parsed->len = part->raw_data.len;
+			parsed->len = MIN (part->raw_data.len, parsed->allocated);
+			memcpy (parsed->str, part->raw_data.begin, parsed->len);
 			part->parsed_data.begin = parsed->str;
 			part->parsed_data.len = parsed->len;
 		}
diff --git a/src/libutil/str_util.c b/src/libutil/str_util.c
index 7edb1b1095..d1f2cbfe69 100644
--- a/src/libutil/str_util.c
+++ b/src/libutil/str_util.c
@@ -2214,6 +2214,10 @@ rspamd_decode_uue_buf (const gchar *in, gsize inlen,
 	out_end = out + outlen;
 	remain = inlen;
 
+	/* Skip newlines */
+#define SKIP_NEWLINE do { while (remain > 0 && (*p == '\n' || *p == '\r')) {p ++; remain --; } } while (0)
+	SKIP_NEWLINE;
+
 	/* First of all, we need to read the first line (and probably skip it) */
 	if (remain < sizeof ("begin-base64 ")) {
 		/* Obviously truncated */
@@ -2247,7 +2251,6 @@ rspamd_decode_uue_buf (const gchar *in, gsize inlen,
 		return (-1);
 	}
 
-#define SKIP_NEWLINE do { while (remain > 0 && (*p == '\n' || *p == '\r')) {p ++; remain --; } } while (0)
 #define	DEC(c)	(((c) - ' ') & 077)		/* single character decode */
 #define IS_DEC(c) ( (((c) - ' ') >= 0) && (((c) - ' ') <= 077 + 1) )
 #define CHAR_OUT(c) do { if (o < out_end) { *o++ = c; } else { return (-1); } } while(0)