details: https://hg.nginx.org/nginx/rev/4b15f1b92100
branches:
changeset: 7842:4b15f1b92100
user: Maxim Dounin <mdounin@mdounin.ru>
date: Wed May 19 03:13:26 2021 +0300
description:
Mail: stricter checking of IMAP tags.

Only "A-Za-z0-9-._" characters now allowed (which is stricter than what
RFC 3501 requires, but expected to be enough for all known clients),
and tags shouldn't be longer than 32 characters.

diffstat:

src/mail/ngx_mail_parse.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)

diffs (21 lines):

diff -r ccdf83bee8c1 -r 4b15f1b92100 src/mail/ngx_mail_parse.c
--- a/src/mail/ngx_mail_parse.c Wed May 19 03:13:23 2021 +0300
+++ b/src/mail/ngx_mail_parse.c Wed May 19 03:13:26 2021 +0300
@@ -265,6 +265,17 @@ ngx_mail_imap_parse_command(ngx_mail_ses
case LF:
s->state = sw_start;
return NGX_MAIL_PARSE_INVALID_COMMAND;
+ default:
+ if ((ch < 'A' || ch > 'Z') && (ch < 'a' || ch > 'z')
+ && (ch < '0' || ch > '9') && ch != '-' && ch != '.'
+ && ch != '_')
+ {
+ goto invalid;
+ }
+ if (p - s->buffer->start > 31) {
+ goto invalid;
+ }
+ break;
}
break;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel