Skipped 2 existing revision(s) on branch '1.4'. commit 4b185e35fe2e274346ff7c3f7a44c4b131bb0285 Merge: 594e60b d55ced0 Author: Oswald Buddenhagen <o...@users.sf.net> Date: Sun Feb 21 21:26:54 2021 +0100
Merge branch '1.3' into 1.4 Conflicts: configure.ac src/drv_imap.c src/drv_imap.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --cc src/drv_imap.c index e6e4b26,fbe2fed..f18500d --- a/src/drv_imap.c +++ b/src/drv_imap.c @@@ -1378,9 -1258,8 +1378,9 @@@ static in parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED ) { string_list_t *narg; - char *arg; + char *arg, c; - int argl, l; + int argl; + uint l; if (!is_atom( list )) { error( "IMAP error: malformed LIST response\n" ); @@@ -1417,13 -1298,43 +1417,41 @@@ memcpy( arg, "INBOX", 5 ); } if (argl >= 5 && !memcmp( arg + argl - 5, ".lock", 5 )) /* workaround broken servers */ - goto skip; + return LIST_OK; if (map_name( arg, (char **)&narg, offsetof(string_list_t, string), ctx->delimiter, "/") < 0) { warn( "IMAP warning: ignoring mailbox %s (reserved character '/' in name)\n", arg ); - goto skip; + return LIST_OK; } + // Validate the normalized name. Technically speaking, we could tolerate + // '//' and '/./', and '/../' being forbidden is a limitation of the Maildir + // driver, but there isn't really a legitimate reason for these being present. + for (const char *p = narg->string, *sp = p;;) { + if (!(c = *p) || c == '/') { + uint pcl = (uint)(p - sp); + if (!pcl) { + error( "IMAP warning: ignoring mailbox '%s' due to empty name component\n", narg->string ); + free( narg ); - goto skip; ++ return LIST_OK; + } + if (pcl == 1 && sp[0] == '.') { + error( "IMAP warning: ignoring mailbox '%s' due to '.' component\n", narg->string ); + free( narg ); - goto skip; ++ return LIST_OK; + } + if (pcl == 2 && sp[0] == '.' && sp[1] == '.') { + error( "IMAP error: LIST'd mailbox name '%s' contains '..' component - THIS MIGHT BE AN ATTEMPT TO HACK YOU!\n", narg->string ); + free( narg ); - goto listbad; ++ return LIST_BAD; + } + if (!c) + break; + sp = ++p; + } else { + ++p; + } + } narg->next = ctx->boxes; ctx->boxes = narg; - skip: - free_list( list ); return LIST_OK; } ===== Full diff against 1st parent ===== diff --git a/src/drv_imap.c b/src/drv_imap.c index e6e4b26..f18500d 100644 --- a/src/drv_imap.c +++ b/src/drv_imap.c @@ -1378,7 +1378,7 @@ static int parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED ) { string_list_t *narg; - char *arg; + char *arg, c; int argl; uint l; @@ -1422,6 +1422,34 @@ parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED ) warn( "IMAP warning: ignoring mailbox %s (reserved character '/' in name)\n", arg ); return LIST_OK; } + // Validate the normalized name. Technically speaking, we could tolerate + // '//' and '/./', and '/../' being forbidden is a limitation of the Maildir + // driver, but there isn't really a legitimate reason for these being present. + for (const char *p = narg->string, *sp = p;;) { + if (!(c = *p) || c == '/') { + uint pcl = (uint)(p - sp); + if (!pcl) { + error( "IMAP warning: ignoring mailbox '%s' due to empty name component\n", narg->string ); + free( narg ); + return LIST_OK; + } + if (pcl == 1 && sp[0] == '.') { + error( "IMAP warning: ignoring mailbox '%s' due to '.' component\n", narg->string ); + free( narg ); + return LIST_OK; + } + if (pcl == 2 && sp[0] == '.' && sp[1] == '.') { + error( "IMAP error: LIST'd mailbox name '%s' contains '..' component - THIS MIGHT BE AN ATTEMPT TO HACK YOU!\n", narg->string ); + free( narg ); + return LIST_BAD; + } + if (!c) + break; + sp = ++p; + } else { + ++p; + } + } narg->next = ctx->boxes; ctx->boxes = narg; return LIST_OK; _______________________________________________ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel