Mercurial > hg > nginx-quic
changeset 8463:4b15f1b92100
Mail: stricter checking of IMAP tags.
Only "A-Za-z0-9-._" characters now allowed (which is stricter than what
RFC 3501 requires, but expected to be enough for all known clients),
and tags shouldn't be longer than 32 characters.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 19 May 2021 03:13:26 +0300 |
parents | ccdf83bee8c1 |
children | b38728495e1a |
files | src/mail/ngx_mail_parse.c |
diffstat | 1 files changed, 11 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/mail/ngx_mail_parse.c +++ b/src/mail/ngx_mail_parse.c @@ -265,6 +265,17 @@ ngx_mail_imap_parse_command(ngx_mail_ses case LF: s->state = sw_start; return NGX_MAIL_PARSE_INVALID_COMMAND; + default: + if ((ch < 'A' || ch > 'Z') && (ch < 'a' || ch > 'z') + && (ch < '0' || ch > '9') && ch != '-' && ch != '.' + && ch != '_') + { + goto invalid; + } + if (p - s->buffer->start > 31) { + goto invalid; + } + break; } break;