Mercurial > hg > nginx-quic
view conf/koi-win @ 8460:3974f4e56a4e
Mail: fixed s->arg_start clearing on invalid IMAP commands.
Previously, s->arg_start was left intact after invalid IMAP commands,
and this might result in an argument incorrectly added to the following
command. Similarly, s->backslash was left intact as well, leading
to unneeded backslash removal.
For example (LFs from the client are explicitly shown as "<LF>"):
S: * OK IMAP4 ready
C: a01 login "\<LF>
S: a01 BAD invalid command
C: a0000000000\2 authenticate <LF>
S: a00000000002 aBAD invalid command
The backslash followed by LF generates invalid command with s->arg_start
and s->backslash set, the following command incorrectly treats anything
from the old s->arg_start to the space after the command as an argument,
and removes the backslash from the tag. If there is no space, s->arg_end
will be NULL.
Both things seem to be harmless though. In particular:
- This can be used to provide an incorrect argument to a command without
arguments. The only command which seems to look at the single argument
is AUTHENTICATE, and it checks the argument length before trying to
access it.
- Backslash removal uses the "end" pointer, and stops due to "src < end"
condition instead of scanning all the process memory if s->arg_end is
NULL (and arg[0].len is huge).
- There should be no backslashes in unquoted strings.
An obvious fix is to clear s->arg_start and s->backslash on invalid commands,
similarly to how it is done in POP3 parsing (added in 810:e3aa8f305d21) and
SMTP parsing.
This, however, makes it clear that s->arg_start handling in the "done"
label is wrong: s->arg_start cannot be legitimately set there, as it
is expected to be cleared in all possible cases when the "done" label is
reached. The relevant code is dead and will be removed by the following
change.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 19 May 2021 03:13:20 +0300 |
parents | 400711951595 |
children |
line wrap: on
line source
charset_map koi8-r windows-1251 { 80 88 ; # euro 95 95 ; # bullet 9A A0 ; # 9E B7 ; # · A3 B8 ; # small yo A4 BA ; # small Ukrainian ye A6 B3 ; # small Ukrainian i A7 BF ; # small Ukrainian yi AD B4 ; # small Ukrainian soft g AE A2 ; # small Byelorussian short u B0 B0 ; # ° B3 A8 ; # capital YO B4 AA ; # capital Ukrainian YE B6 B2 ; # capital Ukrainian I B7 AF ; # capital Ukrainian YI B9 B9 ; # numero sign BD A5 ; # capital Ukrainian soft G BE A1 ; # capital Byelorussian short U BF A9 ; # (C) C0 FE ; # small yu C1 E0 ; # small a C2 E1 ; # small b C3 F6 ; # small ts C4 E4 ; # small d C5 E5 ; # small ye C6 F4 ; # small f C7 E3 ; # small g C8 F5 ; # small kh C9 E8 ; # small i CA E9 ; # small j CB EA ; # small k CC EB ; # small l CD EC ; # small m CE ED ; # small n CF EE ; # small o D0 EF ; # small p D1 FF ; # small ya D2 F0 ; # small r D3 F1 ; # small s D4 F2 ; # small t D5 F3 ; # small u D6 E6 ; # small zh D7 E2 ; # small v D8 FC ; # small soft sign D9 FB ; # small y DA E7 ; # small z DB F8 ; # small sh DC FD ; # small e DD F9 ; # small shch DE F7 ; # small ch DF FA ; # small hard sign E0 DE ; # capital YU E1 C0 ; # capital A E2 C1 ; # capital B E3 D6 ; # capital TS E4 C4 ; # capital D E5 C5 ; # capital YE E6 D4 ; # capital F E7 C3 ; # capital G E8 D5 ; # capital KH E9 C8 ; # capital I EA C9 ; # capital J EB CA ; # capital K EC CB ; # capital L ED CC ; # capital M EE CD ; # capital N EF CE ; # capital O F0 CF ; # capital P F1 DF ; # capital YA F2 D0 ; # capital R F3 D1 ; # capital S F4 D2 ; # capital T F5 D3 ; # capital U F6 C6 ; # capital ZH F7 C2 ; # capital V F8 DC ; # capital soft sign F9 DB ; # capital Y FA C7 ; # capital Z FB D8 ; # capital SH FC DD ; # capital E FD D9 ; # capital SHCH FE D7 ; # capital CH FF DA ; # capital hard sign }