Skip to content

Commit

Permalink
fix(GODT-2595): Fix out of bounds crash in rfc822 parser
Browse files Browse the repository at this point in the history
  • Loading branch information
LBeernaertProton committed May 12, 2023
1 parent 861a509 commit 580e733
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 4 deletions.
7 changes: 7 additions & 0 deletions rfc822/parser.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"
"encoding/base64"
"errors"
"fmt"
"io"
"mime/quotedprintable"

Expand Down Expand Up @@ -113,6 +114,12 @@ func (section *Section) Part(identifier ...int) (*Section, error) {
}

if len(children) != 0 {
childIndex := identifier[0] - 1

if childIndex >= len(children) {
return nil, fmt.Errorf("invalid part index")
}

return children[identifier[0]-1].Part(identifier[1:]...)
}
}
Expand Down
17 changes: 13 additions & 4 deletions rfc822/parser_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,8 +95,7 @@ This part does end with a linebreak.
}
}

func TestParseEmbeddedMessage(t *testing.T) {
const literal = `From: Nathaniel Borenstein <nsb@bellcore.com>
const embeddedLiteral = `From: Nathaniel Borenstein <nsb@bellcore.com>
To: Ned Freed <ned@innosoft.com>
Subject: Sample message
MIME-Version: 1.0
Expand Down Expand Up @@ -134,9 +133,10 @@ This part is also embedded
This is the epilogue. It is also to be ignored.
`

section := Parse([]byte(literal))
func TestParseEmbeddedMessage(t *testing.T) {
section := Parse([]byte(embeddedLiteral))

assert.Equal(t, literal, string(section.Literal()))
assert.Equal(t, embeddedLiteral, string(section.Literal()))

{
part, err := section.Part(1)
Expand Down Expand Up @@ -341,3 +341,12 @@ func FuzzParseDec(f *testing.F) {
_, _ = Parse(inputData).DecodedBody()
})
}

func TestParserAccessingInvalidPartDoesNotCrash(t *testing.T) {
section := Parse([]byte(embeddedLiteral))

assert.Equal(t, embeddedLiteral, string(section.Literal()))

_, err := section.Part(2, 3)
require.Error(t, err)
}

0 comments on commit 580e733

Please sign in to comment.