From 50d8975f9d572077e366808d166bd2b19bf6fd1d Mon Sep 17 00:00:00 2001
From: Ludovic Marcotte
Date: Wed, 1 Feb 2017 13:03:27 -0500
Subject: [PATCH] (fix) improve EAS parameters parsing (fixes #4003)
---
 ActiveSync/NSString+ActiveSync.m | 9 +++++++++
 ActiveSync/SOGoActiveSyncDispatcher.m | 8 ++++++++
 2 files changed, 17 insertions(+)
diff --git a/ActiveSync/NSString+ActiveSync.m b/ActiveSync/NSString+ActiveSync.m
index 7dc740505e..a5e4f4a951 100644
--- a/ActiveSync/NSString+ActiveSync.m
+++ b/ActiveSync/NSString+ActiveSync.m
@@ -148,6 +148,10 @@ - (NSString *) protocolVersion
 const char* qs_bytes;
 queryString = [[components objectAtIndex: 0] dataByDecodingBase64];
+
+ if (![queryString length])
+ return nil;
+
 qs_bytes = (const char*)[queryString bytes];
 return [NSString stringWithFormat:@"%.1f", (float)((uint8_t)qs_bytes[0]/10)];
@@ -196,6 +200,11 @@ - (NSString *) _valueForParameter: (NSString *) theParameter
 // Command code, 1 byte, ie.: cmd=
 cmd_code = qs_bytes[1];
+
+ // Check whether the command code is within the known range.
+ if (cmd_code < 0 || cmd_code > 22)
+ return nil;
+
 [components addObject: [NSString stringWithFormat: @"cmd=%@", [easCommandCodes objectAtIndex: cmd_code]]];
 // Device ID length and Device ID (variable)
diff --git a/ActiveSync/SOGoActiveSyncDispatcher.m b/ActiveSync/SOGoActiveSyncDispatcher.m
index 3e03549c97..6491d9ec3a 100644
--- a/ActiveSync/SOGoActiveSyncDispatcher.m
+++ b/ActiveSync/SOGoActiveSyncDispatcher.m
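Review bot: The version expression on the last context line of the `protocolVersion` hunk, `(float)((uint8_t)qs_bytes[0]/10)`, divides two integers before the cast, so the minor digit is lost: a version byte of 141 (constructed example) would be formatted as "14.0" instead of "14.1". Dividing by a floating-point constant keeps it, `(float)((uint8_t)qs_bytes[0] / 10.0)`. The added `if (![queryString length]) return nil;` is sufficient for the single byte read here, but it makes nil a possible return value, which is worth a one-line comment such as `// Empty (or nil) decoded query: there is no version byte to read.` so that callers know to handle it. The method body starts and ends outside the hunk.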
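Review bot: The upper bound `22` in the added range check of `_valueForParameter:` is a literal that has to stay in step with the size of `easCommandCodes`, which is defined outside this hunk; deriving the bound from the array keeps `objectAtIndex:` from raising if the table ever changes: `if (cmd_code < 0 || cmd_code >= (int)[easCommandCodes count]) return nil;`. Separately, `cmd_code = qs_bytes[1]` is read just above the check, and nothing visible in the hunk shows that the decoded query holds at least two bytes; the guard added in `protocolVersion` only rejects empty data. If the method has no earlier length test, one belongs before this read, and the same applies to the device-ID length byte that the trailing comment says is parsed next from the same client-supplied buffer. The declared type of `cmd_code` is not visible either, so whether the `< 0` branch can ever be true (signed `char` versus an unsigned type) should be confirmed.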
@@ -3983,6 +3983,14 @@ - (NSException *) dispatchRequest: (id) theRequest
 // Get the device ID, device type and "stash" them
 deviceId = [[theRequest uri] deviceId];
+
+ if ([deviceId isEqualToString: @"Unknown"])
+ {
+ [(WOResponse *)theResponse setStatus: 500];
+ [self logWithFormat: @"EAS - No device id provided, ignoring request."];
+ return nil;
+ }
+
 [context setObject: deviceId forKey: @"DeviceId"];
 [context setObject: [[theRequest uri] deviceType] forKey: @"DeviceType"];
 [context setObject: [[theRequest uri] attachmentName] forKey: @"AttachmentName"];
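Review bot: The added block answers a request with a missing device id with status 500, although the fault lies in the client's request; a 4xx status such as `[(WOResponse *)theResponse setStatus: 400];` would keep malformed or hostile requests from showing up as server failures in monitoring. The check also depends on the literal `@"Unknown"` matching whatever fallback `deviceId` returns in another file, so a shared constant (or a nil return from `deviceId`) would be less fragile and would not reject a device that genuinely reports that string. The log line carries no request context; adding the request URI or remote address, if the request object exposes them, would make repeated malformed requests traceable. `deviceType` and `attachmentName` are stored in the context below without a comparable check, and the method continues outside the hunk.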