dovecot-2.0-pigeonhole: lib-sieve: include extension: forgot to ...

Tue Jul 5 21:32:50 EEST 2011

details:   http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/08bbe5872576
changeset: 1514:08bbe5872576
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Tue Jul 05 20:32:28 2011 +0200
description:
lib-sieve: include extension: forgot to check variable identifier syntax.

diffstat:

 src/lib-sieve/plugins/include/cmd-global.c                |   4 +-
 src/lib-sieve/plugins/include/ext-include-variables.c     |   9 +++
 src/lib-sieve/plugins/variables/ext-variables-arguments.c |  10 +-
 src/lib-sieve/plugins/variables/ext-variables-name.c      |  50 ++++++++++++----
 src/lib-sieve/plugins/variables/sieve-ext-variables.h     |   2 +
 tests/extensions/include/rfc-ex2-default.sieve            |   2 +-
 6 files changed, 57 insertions(+), 20 deletions(-)

diffs (193 lines):

diff -r e9bb226739cb -r 08bbe5872576 src/lib-sieve/plugins/include/cmd-global.c

--- a/src/lib-sieve/plugins/include/cmd-global.c	Sat Jul 02 23:58:01 2011 +0200
+++ b/src/lib-sieve/plugins/include/cmd-global.c	Tue Jul 05 20:32:28 2011 +0200
@@ -174,13 +174,13 @@
 			sieve_ast_argument_name(arg));
 		return FALSE;
 	}
-	
+
 	/* Join global commands with predecessors if possible */
 	if ( sieve_commands_equal(prev, cmd) ) {
 		/* Join this command's string list with the previous one */
 		prev->first_positional = sieve_ast_stringlist_join
 			(prev->first_positional, cmd->first_positional);
-		
+
 		if ( prev->first_positional == NULL ) {
 			/* Not going to happen unless MAXINT stringlist items are specified */
 			sieve_command_validate_error(valdtr, cmd, 
diff -r e9bb226739cb -r 08bbe5872576 src/lib-sieve/plugins/include/ext-include-variables.c
--- a/src/lib-sieve/plugins/include/ext-include-variables.c	Sat Jul 02 23:58:01 2011 +0200
+++ b/src/lib-sieve/plugins/include/ext-include-variables.c	Tue Jul 05 20:32:28 2011 +0200
@@ -1,6 +1,9 @@
 /* Copyright (c) 2002-2011 Pigeonhole authors, see the included COPYING file
  */
 
+#include "lib.h"
+#include "str-sanitize.h"
+
 #include "sieve-common.h"
 #include "sieve-error.h"
 #include "sieve-script.h"
@@ -38,6 +41,12 @@
 	/* Sanity safeguard */	
 	i_assert ( ctx->global_vars != NULL );
 
+	if ( !sieve_variable_identifier_is_valid(variable) ) {
+		sieve_command_validate_error(valdtr, cmd,
+			"invalid variable identifier '%s'", str_sanitize(variable,80));
+		return NULL;
+	}
+
 	/* Get/Declare the variable in the global scope */
 	global_var = sieve_variable_scope_get_variable(global_scope, variable, TRUE);
 
diff -r e9bb226739cb -r 08bbe5872576 src/lib-sieve/plugins/variables/ext-variables-arguments.c
--- a/src/lib-sieve/plugins/variables/ext-variables-arguments.c	Sat Jul 02 23:58:01 2011 +0200
+++ b/src/lib-sieve/plugins/variables/ext-variables-arguments.c	Tue Jul 05 20:32:28 2011 +0200
@@ -343,19 +343,19 @@
 	bool result = FALSE;
 	string_t *variable;
 	const char *varstr, *varend;
-	ARRAY_TYPE(sieve_variable_name) vname;	
+	ARRAY_TYPE(sieve_variable_name) vname;
 	int nelements = 0;
 
 	T_BEGIN {
-		t_array_init(&vname, 2);			
-	
+		t_array_init(&vname, 2);
+
 		variable = sieve_ast_argument_str(arg);
 		varstr = str_c(variable);
 		varend = PTR_OFFSET(varstr, str_len(variable));
 		nelements = ext_variable_name_parse(&vname, &varstr, varend);
 
-		/* Check whether name parsing succeeded */	
-		if ( nelements < 0 || varstr != varend ) {
+		/* Check whether name parsing succeeded */
+		if ( nelements <= 0 || varstr != varend ) {
 			/* Parse failed */
 			sieve_argument_validate_error(valdtr, arg, 
 				"invalid variable name '%s'", str_sanitize(str_c(variable),80));
diff -r e9bb226739cb -r 08bbe5872576 src/lib-sieve/plugins/variables/ext-variables-name.c
--- a/src/lib-sieve/plugins/variables/ext-variables-name.c	Sat Jul 02 23:58:01 2011 +0200
+++ b/src/lib-sieve/plugins/variables/ext-variables-name.c	Tue Jul 05 20:32:28 2011 +0200
@@ -13,14 +13,36 @@
 
 #include <ctype.h>
 
+bool sieve_variable_identifier_is_valid(const char *identifier)
+{
+	const char *p = identifier;
+	size_t plen = strlen(identifier);
+	const char *pend;
+
+	if ( plen == 0 || plen >= EXT_VARIABLES_MAX_VARIABLE_NAME_LEN )
+		return FALSE;
+
+	pend = PTR_OFFSET(identifier, plen);
+
+	if ( *p == '_' || i_isalpha(*p) ) {
+		p++;
+
+		while ( p < pend && (*p == '_' || i_isalnum(*p)) ) {
+			p++;
+		}
+	}
+
+	return ( p == pend );
+}
+
 int ext_variable_name_parse
 (ARRAY_TYPE(sieve_variable_name) *vname, const char **str, const char *strend)
 {
 	const char *p = *str;
-				
+
 	array_clear(vname);
 
-	for (;;) { 
+	while ( p < strend ) {
 		struct sieve_variable_name *cur_element;
 		string_t *cur_ident;
 
@@ -40,23 +62,23 @@
 			str_truncate(cur_ident, 0);
 			str_append_c(cur_ident, *p);
 			p++;
-		
+
 			while ( p < strend && (*p == '_' || i_isalnum(*p)) ) {
 				if ( str_len(cur_ident) >= EXT_VARIABLES_MAX_VARIABLE_NAME_LEN )
 					return -1;
 				str_append_c(cur_ident, *p);
 				p++;
 			}
-		
+
 		/* Num-variable */
 		} else if ( i_isdigit(*p) ) {
 			cur_element->num_variable = *p - '0';
 			p++;
-			
+
 			while ( p < strend && i_isdigit(*p) ) {
 				cur_element->num_variable = cur_element->num_variable*10 + (*p - '0');
 				p++;
-			} 
+			}
 
 			/* If a num-variable is first, no more elements can follow because no
 			 * namespace is specified.
@@ -69,16 +91,20 @@
 			*str = p;
 			return -1;
 		}
-		
+
 		/* Check whether next name element is present */
-		if ( p < strend && *p == '.' ) 
+		if ( p < strend && *p == '.' ) {
 			p++;
-		else
+
+			/* It may not be empty */
+			if ( p >= strend )
+				return -1;
+		} else
 			break;
 	}
-	
+
 	*str = p;
 	return array_count(vname);
-} 
- 
+}
 
+
diff -r e9bb226739cb -r 08bbe5872576 src/lib-sieve/plugins/variables/sieve-ext-variables.h
--- a/src/lib-sieve/plugins/variables/sieve-ext-variables.h	Sat Jul 02 23:58:01 2011 +0200
+++ b/src/lib-sieve/plugins/variables/sieve-ext-variables.h	Tue Jul 05 20:32:28 2011 +0200
@@ -46,6 +46,8 @@
 
 ARRAY_DEFINE_TYPE(sieve_variable_name, struct sieve_variable_name);
 
+bool sieve_variable_identifier_is_valid(const char *identifier);
+
 /*
  * Variable scope
  */
diff -r e9bb226739cb -r 08bbe5872576 tests/extensions/include/rfc-ex2-default.sieve
--- a/tests/extensions/include/rfc-ex2-default.sieve	Sat Jul 02 23:58:01 2011 +0200
+++ b/tests/extensions/include/rfc-ex2-default.sieve	Tue Jul 05 20:32:28 2011 +0200
@@ -1,6 +1,6 @@
 require ["variables", "include", "relational", "fileinto"];
 global "test";
-global "test-mailbox";
+global "test_mailbox";
 
 # The included script may contain repetitive code that is
 # effectively a subroutine that can be factored out.
