lib-http: harden payload tests against dodgy filenames
authorPhil Carmody <phil@dovecot.fi>
Thu, 14 Jun 2018 05:51:37 +0000 (08:51 +0300)
committerPhil Carmody <phil@dovecot.fi>
Thu, 30 Aug 2018 10:26:52 +0000 (13:26 +0300)
Tests use files from readdir() as input, but do no sanitization of the
names, and therefore things like editor temp files can cause havoc
with the HTTP request parser.

The solution is to trap dodgy characters in the filenames, and ignore
those files. Initially, trap HTTP's "unsafe" and "reserved" characters.

Signed-off-by: Phil Carmody <phil@dovecot.fi>
src/lib-http/test-http-payload.c

index d0c43155378d9b6e01a89ff599ce776a992debf9..d00fe196139c11e274c92a7299b1b1c6309c30ce 100644 (file)
@@ -67,6 +67,7 @@ static unsigned ioloop_nested_depth = 0;
 /*
  * Test files
  */
+static const char unsafe_characters[] = "\"<>#%{}|\\^~[]` ;/?:@=&";
 
 static ARRAY_TYPE(const_string) files;
 static pool_t files_pool;
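Review bot: `unsafe_characters` is added without a comment saying where the set comes from or what it is used for, and it sits directly under the generic "Test files" banner. The list appears to correspond to the URL "unsafe" and "reserved" character classes the commit message refers to, so a one-line comment such as `/* URL "unsafe" and "reserved" characters; test files whose names contain any of these are skipped */` would let a maintainer extend it without re-deriving it. The comment could also record that `/` cannot occur in a `d_name` and is listed only for completeness.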
@@ -92,7 +93,8 @@ static void test_files_read_dir(const char *path)
                errno = 0;
                if ((dp=readdir(dirp)) == NULL)
                        break;
-               if (*dp->d_name == '.')
+               if (*dp->d_name == '.' ||
+                   dp->d_name[strcspn(dp->d_name, unsafe_characters)] != '\0')
                        continue;
 
                file = t_abspath_to(dp->d_name, path);
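Review bot: The added condition is a deny-list of printable ASCII only, so a name containing a control byte (CR, LF, TAB, DEL) or a non-ASCII byte still passes the filter and presumably reaches the HTTP request, which is the same kind of parser upset the commit sets out to prevent. An allow-list closes that gap without enumerating bad bytes: `dp->d_name[strspn(dp->d_name, safe_characters)] != '\0'`, where `safe_characters` would be a new constant holding only alphanumerics and `-._` (or whatever the fixture names actually need). If the deny-list is kept, `strpbrk(dp->d_name, unsafe_characters) != NULL` states the intent more directly than indexing with `strcspn`. Skipped entries are dropped silently, so a debug-level message naming the file would help when a run covers fewer files than expected; `test_files_read_dir` starts and ends outside this hunk, so how the collected names are consumed is not visible here.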