dovecot-2.2: pop3: satisfy some strict parsing rules in RFC 1939

Fri Aug 15 12:05:23 UTC 2014

details:   http://hg.dovecot.org/dovecot-2.2/rev/a45147ddd655
changeset: 17719:a45147ddd655
user:      Phil Carmody <phil at dovecot.fi>
date:      Fri Aug 15 15:02:59 2014 +0300
description:
pop3: satisfy some strict parsing rules in RFC 1939
"Commands in the POP3 consist of a case-insensitive keyword, possibly
 followed by one or more arguments.  All commands are terminated by a
 CRLF pair.  Keywords and arguments consist of printable ASCII
 characters.  Keywords and arguments are each separated by a single
 SPACE character."

"A server MUST respond to an unrecognized, unimplemented, or
 syntactically invalid command by responding with a negative status
 indicator."

Therefore the following commands must be rejected:
LIST 2600Hz
LIST 99 red balloons
TOP 1 2 buckle-my-shoe

Signed-off-by: Phil Carmody <phil at dovecot.fi>

diffstat:

 src/pop3/pop3-commands.c |  25 +++++++++++++++++--------
 1 files changed, 17 insertions(+), 8 deletions(-)

diffs (93 lines):

diff -r 88d95b8f8a19 -r a45147ddd655 src/pop3/pop3-commands.c

--- a/src/pop3/pop3-commands.c	Fri Aug 15 15:02:59 2014 +0300
+++ b/src/pop3/pop3-commands.c	Fri Aug 15 15:02:59 2014 +0300
@@ -26,7 +26,7 @@
 }
 
 static const char *get_msgnum(struct client *client, const char *args,
-			      unsigned int *msgnum)
+			      unsigned int *msgnum, bool thenspace)
 {
 	unsigned int num;
 
@@ -40,6 +40,11 @@
 				 "-ERR Message number too large: %s", args);
 		return NULL;
 	}
+	if (*args != (thenspace ? ' ' : '\0')) {
+		client_send_line(client,
+				 "-ERR Noise after message number: %s", args);
+		return NULL;
+	}
 	if (num == 0 || num > client->messages_count) {
 		client_send_line(client,
 				 "-ERR There's no message %u.", num);
@@ -62,7 +67,7 @@
 }
 
 static const char *get_size(struct client *client, const char *args,
-			    uoff_t *size)
+			    uoff_t *size, bool thenspace)
 {
 	uoff_t num;
 
@@ -76,6 +81,10 @@
 				 args);
 		return NULL;
 	}
+	if (*args != (thenspace ? ' ' : '\0')) {
+		client_send_line(client, "-ERR Noise after size: %s", args);
+		return NULL;
+	}
 
 	while (*args == ' ') args++;
 
@@ -93,7 +102,7 @@
 {
 	unsigned int msgnum;
 
-	if (get_msgnum(client, args, &msgnum) == NULL)
+	if (get_msgnum(client, args, &msgnum, FALSE) == NULL)
 		return -1;
 
 	if (!client->deleted) {
@@ -155,7 +164,7 @@
 	} else {
 		unsigned int msgnum;
 
-		if (get_msgnum(client, args, &msgnum) == NULL)
+		if (get_msgnum(client, args, &msgnum, FALSE) == NULL)
 			return -1;
 
 		client_send_line(client, "+OK %u %"PRIuUOFF_T, msgnum+1,
@@ -470,7 +479,7 @@
 {
 	unsigned int msgnum;
 
-	if (get_msgnum(client, args, &msgnum) == NULL)
+	if (get_msgnum(client, args, &msgnum, FALSE) == NULL)
 		return -1;
 
 	if (client->lowest_retr_pop3_msn > msgnum+1 ||
@@ -534,10 +543,10 @@
 	unsigned int msgnum;
 	uoff_t max_lines;
 
-	args = get_msgnum(client, args, &msgnum);
+	args = get_msgnum(client, args, &msgnum, TRUE);
 	if (args == NULL)
 		return -1;
-	if (get_size(client, args, &max_lines) == NULL)
+	if (get_size(client, args, &max_lines, FALSE) == NULL)
 		return -1;
 
 	client->top_count++;
@@ -860,7 +869,7 @@
 	} else {
 		unsigned int msgnum;
 
-		if (get_msgnum(client, args, &msgnum) == NULL)
+		if (get_msgnum(client, args, &msgnum, FALSE) == NULL)
 			return -1;
 
 		seq = msgnum_to_seq(client, msgnum);
