lib-http: harden payload tests against dodgy filenames

Tests use files from readdir() as input, but do no sanitation of the names, and therefore things like editor temp files can cause havoc with the HTTP request parser. The solution is to trap dodgy characters in the filenames, and ignore those files. Initially, trap HTTP's "unsafe" and "reserved" characters. Signed-off-by: Phil Carmody <phil@dovecot.fi>
dovecot · Aug 30, 2018 · 9a5b493 · 9a5b493
1 parent 0ad7ac2
commit 9a5b493
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/lib-http/test-http-payload.c b/src/lib-http/test-http-payload.c
@@ -67,6 +67,7 @@ static unsigned ioloop_nested_depth = 0;
 /*
  * Test files
  */
+static const char unsafe_characters[] = "\"<>#%{}|\\^~[]` ;/?:@=&";
 
 static ARRAY_TYPE(const_string) files;
 static pool_t files_pool;
@@ -92,7 +93,8 @@ static void test_files_read_dir(const char *path)
 		errno = 0;
 		if ((dp=readdir(dirp)) == NULL)
 			break;
-		if (*dp->d_name == '.')
+		if (*dp->d_name == '.' ||
+		    dp->d_name[strcspn(dp->d_name, unsafe_characters)] != '\0')
 			continue;
 
 		file = t_abspath_to(dp->d_name, path);