Merge branch 'jk/mailinfo-oob-read-fix'

OOB read fix. * jk/mailinfo-oob-read-fix: mailinfo: fix out-of-bounds memory reads in unquote_quoted_pair()
2024-11-05 01:58:18 +00:00 · 2023-12-27 14:52:24 -08:00 · 2023-12-27 14:52:24 -08:00 · db2cf6f3bb
commit db2cf6f3bb
parent f09e74175d d1bd3a8c34
2 changed files with 26 additions and 4 deletions
--- a/mailinfo.c
+++ b/mailinfo.c
@ -58,12 +58,12 @@ static void parse_bogus_from(struct mailinfo *mi, const struct strbuf *line)

 static const char *unquote_comment(struct strbuf *outbuf, const char *in)
 {
-	int c;
 	int take_next_literally = 0;

 	strbuf_addch(outbuf, '(');

-	while ((c = *in++) != 0) {
+	while (*in) {
+		int c = *in++;
 		if (take_next_literally == 1) {
 			take_next_literally = 0;
 		} else {
@ -88,10 +88,10 @@ static const char *unquote_comment(struct strbuf *outbuf, const char *in)

 static const char *unquote_quoted_string(struct strbuf *outbuf, const char *in)
 {
-	int c;
 	int take_next_literally = 0;

-	while ((c = *in++) != 0) {
+	while (*in) {
+		int c = *in++;
 		if (take_next_literally == 1) {
 			take_next_literally = 0;
 		} else {
--- a/t/t5100-mailinfo.sh
+++ b/t/t5100-mailinfo.sh
@ -268,4 +268,26 @@ test_expect_success 'mailinfo warn CR in base64 encoded email' '
 	test_must_be_empty quoted-cr/0002.err
 '

+test_expect_success 'from line with unterminated quoted string' '
+	echo "From: bob \"unterminated string smith <bob@example.com>" >in &&
+	git mailinfo /dev/null /dev/null <in >actual &&
+	cat >expect <<-\EOF &&
+	Author: bob unterminated string smith
+	Email: bob@example.com
+
+	EOF
+	test_cmp expect actual
+'
+
+test_expect_success 'from line with unterminated comment' '
+	echo "From: bob (unterminated comment smith <bob@example.com>" >in &&
+	git mailinfo /dev/null /dev/null <in >actual &&
+	cat >expect <<-\EOF &&
+	Author: bob (unterminated comment smith
+	Email: bob@example.com
+
+	EOF
+	test_cmp expect actual
+'
+
 test_done