[Fix] Check decoded headers sanity (e.g. by excluding \0)

MFH: rspamd-1.6

diff --git a/src/libmime/mime_headers.c b/src/libmime/mime_headers.c
index 95f8d9ba6961f655b70ee2783208b2ce50c5e590..be83025f57d5deecd4921284263dcae82c6f36cc 100644 (file)
--- a/src/libmime/mime_headers.c
+++ b/src/libmime/mime_headers.c
@@ -507,6 +507,20 @@ rspamd_mime_header_maybe_save_token (rspamd_mempool_t *pool, GString *out,
        memcpy (old_charset, new_charset, sizeof (*old_charset));
 }
 
+static void
+rspamd_mime_header_sanity_check (GString *str)
+{
+       gsize i;
+       gchar t;
+
+       for (i = 0; i < str->len; i ++) {
+               t = str->str[i];
+               if (!((t & 0x80) || g_ascii_isgraph (t) || t == ' ')) {
+                       str->str[i] = '?';
+               }
+       }
+}
+
 gchar *
 rspamd_mime_header_decode (rspamd_mempool_t *pool, const gchar *in,
                gsize inlen)
@@ -685,6 +699,7 @@ rspamd_mime_header_decode (rspamd_mempool_t *pool, const gchar *in,
 
        g_byte_array_free (token, TRUE);
        g_byte_array_free (decoded, TRUE);
+       rspamd_mime_header_sanity_check (out);
        ret = g_string_free (out, FALSE);
        rspamd_mempool_add_destructor (pool, g_free, ret);