Mercurial > hg > nginx

changeset 7842:4b15f1b92100

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mail: stricter checking of IMAP tags. Only "A-Za-z0-9-._" characters now allowed (which is stricter than what RFC 3501 requires, but expected to be enough for all known clients), and tags shouldn't be longer than 32 characters.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 19 May 2021 03:13:26 +0300
parents ccdf83bee8c1
children b38728495e1a
files src/mail/ngx_mail_parse.c
diffstat 1 files changed, 11 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/mail/ngx_mail_parse.c
+++ b/src/mail/ngx_mail_parse.c
@@ -265,6 +265,17 @@ ngx_mail_imap_parse_command(ngx_mail_ses
             case LF:
                 s->state = sw_start;
                 return NGX_MAIL_PARSE_INVALID_COMMAND;
+            default:
+                if ((ch < 'A' || ch > 'Z') && (ch < 'a' || ch > 'z')
+                    && (ch < '0' || ch > '9') && ch != '-' && ch != '.'
+                    && ch != '_')
+                {
+                    goto invalid;
+                }
+                if (p - s->buffer->start > 31) {
+                    goto invalid;
+                }
+                break;
             }
             break;