From cc6807a629efd8d72922c311e54549736a342ba6 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Fri, 8 Apr 2011 20:21:58 +0300 Subject: [PATCH] imap-login: Don't allow IMAP command tags that have invalid characters. This simply attempts to prevent HTTP requests from replying with any potentially danerous data that some web browsers might execute, e.g.: curl --request POST -F 'x=""' http://localhost:143/ The above command probably doesn't work, because max. bad commands is reached earlier. But if it isn't, this change makes sure it doesn't return back anything, because '"' and '(' aren't allowed characters. Even if '"' weren't required, there hopefully isn't much to be done without being able to call any functions. --- src/imap-login/client.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/imap-login/client.c b/src/imap-login/client.c index f559e2bf4a..eb64c076c8 100644 --- a/src/imap-login/client.c +++ b/src/imap-login/client.c @@ -199,6 +199,33 @@ static int client_command_execute(struct imap_client *client, const char *cmd, return -2; } +static bool imap_is_valid_tag(const char *tag) +{ + for (; *tag != '\0'; tag++) { + switch (*tag) { + case '+': + /* atom-specials: */ + case '(': + case ')': + case '{': + case '/': + case ' ': + /* list-wildcards: */ + case '%': + case '*': + /* quoted-specials: */ + case '"': + case '\\': + return FALSE; + default: + if (*tag < ' ') /* CTL */ + return FALSE; + break; + } + } + return TRUE; +} + static bool client_handle_input(struct imap_client *client) { const struct imap_arg *args; @@ -230,6 +257,13 @@ static bool client_handle_input(struct imap_client *client) client->cmd_tag = imap_parser_read_word(client->parser); if (client->cmd_tag == NULL) return FALSE; /* need more data */ + if (!imap_is_valid_tag(client->cmd_tag)) { + /* the tag is invalid, don't allow it and don't + send it back. this attempts to prevent any + potentially dangerous replies in case someone tries + to access us using HTTP protocol. */ + client->cmd_tag = ""; + } } if (client->cmd_name == NULL) { -- 2.47.3