Skip to content

fix off-by-one over-read of label in rfc822_decode_punycode#292

Open
Usamak06 wants to merge 1 commit into
dovecot:mainfrom
Usamak06:punycode-label-overread
Open

fix off-by-one over-read of label in rfc822_decode_punycode#292
Usamak06 wants to merge 1 commit into
dovecot:mainfrom
Usamak06:punycode-label-overread

Conversation

@Usamak06

Copy link
Copy Markdown

rfc822_decode_punycode() appends delim - pos + 1 bytes for each label so the trailing '.' gets copied, but for the last label there is no dot and delim equals end, so the +1 reads and appends one byte past the given length (input[len]). The decoded result then carries a stray trailing byte. This copies only the label and appends the '.' separately when delim is still inside the input, which also drops the duplicated append expression. Added a length check to the existing punycode test since str_c() hid the extra byte behind its NUL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant