Skip to content

Commit 7bb5b43

Browse files
alexdowadalexdowad
committed
mUTF-7 (UTF7-IMAP) conversion: handle illegal (non-RFC-compliant) input correctly
Instead of looking the other way and letting things slide, report errors when the input does not follow the RFC.
1 parent b43a7de commit 7bb5b43

File tree

1 file changed

+28
-4
lines changed

1 file changed

+28
-4
lines changed

ext/mbstring/libmbfl/filters/mbfilter_utf7imap.c

Lines changed: 28 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ int mbfl_filt_conv_utf7imap_wchar(int c, mbfl_convert_filter *filter)
156156
case 0:
157157
if (c == 0x26) { /* '&' shift character */
158158
filter->status++;
159-
} else if (c >= 0 && c < 0x80) { /* ASCII */
159+
} else if (c >= 0x20 && c <= 0x7E) { /* ASCII */
160160
CK((*filter->output_function)(c, filter->data));
161161
} else { /* illegal character */
162162
s = c & MBFL_WCSGROUP_MASK;
@@ -195,7 +195,15 @@ int mbfl_filt_conv_utf7imap_wchar(int c, mbfl_convert_filter *filter)
195195
}
196196
} else {
197197
filter->cache = n;
198-
CK((*filter->output_function)(s, filter->data));
198+
/* Characters which can be expressed as literal, ASCII characters
199+
* should not be Base64-encoded */
200+
if (s < 0x20 || s > 0x7E || s == '&') {
201+
CK((*filter->output_function)(s, filter->data));
202+
} else {
203+
s &= MBFL_WCSGROUP_MASK;
204+
s |= MBFL_WCSGROUP_THROUGH;
205+
CK((*filter->output_function)(s, filter->data));
206+
}
199207
}
200208
break;
201209

@@ -227,7 +235,15 @@ int mbfl_filt_conv_utf7imap_wchar(int c, mbfl_convert_filter *filter)
227235
}
228236
} else {
229237
filter->cache = n;
230-
CK((*filter->output_function)(s, filter->data));
238+
/* Characters which can be expressed as literal, ASCII characters
239+
* should not be Base64-encoded */
240+
if (s < 0x20 || s > 0x7E || s == '&') {
241+
CK((*filter->output_function)(s, filter->data));
242+
} else {
243+
s &= MBFL_WCSGROUP_MASK;
244+
s |= MBFL_WCSGROUP_THROUGH;
245+
CK((*filter->output_function)(s, filter->data));
246+
}
231247
}
232248
break;
233249

@@ -254,7 +270,15 @@ int mbfl_filt_conv_utf7imap_wchar(int c, mbfl_convert_filter *filter)
254270
}
255271
} else {
256272
filter->cache = 0;
257-
CK((*filter->output_function)(s, filter->data));
273+
/* Characters which can be expressed as literal, ASCII characters
274+
* should not be Base64-encoded */
275+
if (s < 0x20 || s > 0x7E || s == '&') {
276+
CK((*filter->output_function)(s, filter->data));
277+
} else {
278+
s &= MBFL_WCSGROUP_MASK;
279+
s |= MBFL_WCSGROUP_THROUGH;
280+
CK((*filter->output_function)(s, filter->data));
281+
}
258282
}
259283
break;
260284

0 commit comments

Comments
 (0)