fix(GODT-2595): Fix out of bounds crash in rfc822 parser

ProtonMail · May 12, 2023 · 580e733 · 580e733
1 parent 861a509
commit 580e733
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/rfc822/parser.go b/rfc822/parser.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/base64"
 	"errors"
+	"fmt"
 	"io"
 	"mime/quotedprintable"
 
@@ -113,6 +114,12 @@ func (section *Section) Part(identifier ...int) (*Section, error) {
 		}
 
 		if len(children) != 0 {
+			childIndex := identifier[0] - 1
+
+			if childIndex >= len(children) {
+				return nil, fmt.Errorf("invalid part index")
+			}
+
 			return children[identifier[0]-1].Part(identifier[1:]...)
 		}
 	}

diff --git a/rfc822/parser_test.go b/rfc822/parser_test.go
@@ -95,8 +95,7 @@ This part does end with a linebreak.
 	}
 }
 
-func TestParseEmbeddedMessage(t *testing.T) {
-	const literal = `From: Nathaniel Borenstein <nsb@bellcore.com> 
+const embeddedLiteral = `From: Nathaniel Borenstein <nsb@bellcore.com> 
 To:  Ned Freed <ned@innosoft.com> 
 Subject: Sample message 
 MIME-Version: 1.0 
@@ -134,9 +133,10 @@ This part is also embedded
 This is the epilogue.  It is also to be ignored.
 `
 
-	section := Parse([]byte(literal))
+func TestParseEmbeddedMessage(t *testing.T) {
+	section := Parse([]byte(embeddedLiteral))
 
-	assert.Equal(t, literal, string(section.Literal()))
+	assert.Equal(t, embeddedLiteral, string(section.Literal()))
 
 	{
 		part, err := section.Part(1)
@@ -341,3 +341,12 @@ func FuzzParseDec(f *testing.F) {
 		_, _ = Parse(inputData).DecodedBody()
 	})
 }
+
+func TestParserAccessingInvalidPartDoesNotCrash(t *testing.T) {
+	section := Parse([]byte(embeddedLiteral))
+
+	assert.Equal(t, embeddedLiteral, string(section.Literal()))
+
+	_, err := section.Part(2, 3)
+	require.Error(t, err)
+}