fix(GODT-2587): Fix out of bounds access in slice for empty header field

ProtonMail · Apr 25, 2023 · dfde413 · dfde413
1 parent cb4a32a
commit dfde413
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/rfc822/header_parser.go b/rfc822/header_parser.go
@@ -105,7 +105,11 @@ func (hp *headerParser) next() (parsedHeaderEntry, error) {
 		searchOffset++
 	}
 
-	result.valueStart = searchOffset
+	if searchOffset < headerLen {
+		result.valueStart = searchOffset
+	} else {
+		result.valueStart = headerLen
+	}
 
 	for searchOffset < headerLen {
 		b := hp.header[searchOffset]

diff --git a/rfc822/header_test.go b/rfc822/header_test.go
@@ -400,3 +400,10 @@ func TestHeader_InvalidCharAfterColonIsError(t *testing.T) {
 	_, err := NewHeader([]byte(literal))
 	require.Error(t, err)
 }
+
+func TestHeader_SingleEmptyField(t *testing.T) {
+	header, err := NewHeader([]byte("Content-tYpe:\r")) //Panic
+	require.NoError(t, err)
+
+	require.Empty(t, header.Get("Content-Type"))
+}