这是indexloc提供的服务,不要输入任何密码
Skip to content

textproto: check header characters #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 28, 2020
Merged

textproto: check header characters #89

merged 1 commit into from
May 28, 2020

Conversation

@dvalter
Copy link
Contributor

@dvalter dvalter commented Apr 27, 2020

Add checks for header field name according to RFC 6532 and disallow newline characters in field values.

Resolves #80

foxcpp
foxcpp reviewed Apr 27, 2020
View reviewed changes
@foxcpp
Copy link
Collaborator

foxcpp commented Apr 27, 2020

LGTM otherwise.

@dvalter dvalter force-pushed the feature/header-field-char-checks branch from 4e1b86c to ce2b371 Compare April 28, 2020 20:44
@codecov-io
Copy link

codecov-io commented Apr 28, 2020

Codecov Report

Merging #89 into master will decrease coverage by 0.23%.
The diff coverage is 77.77%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #89      +/-   ##
==========================================
- Coverage   79.49%   79.26%   -0.24%     
==========================================
  Files          15       15              
  Lines         995     1003       +8     
==========================================
+ Hits          791      795       +4     
- Misses        128      132       +4     
  Partials       76       76
Impacted Files Coverage Δ
mail/reader.go 86.66% <ø> (ø)
textproto/header.go 82.74% <77.77%> (-0.95%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f828d02...ce2b371. Read the comment docs.

@emersion emersion added the breaking Breaking change label Apr 29, 2020
@emersion
Copy link
Owner

emersion commented Apr 29, 2020

Question: should Header.Add return an error, or should we return an error when formatting the header?

  • Returning an error in Header.Add makes it a little bit annoying for callers to add headers since they need to error-check each time. Also, existing users may have header fields silently dropped, so this may be confusing/annoying to debug.
  • Returning an error when formatting the header may make it more difficult to trace which Header.Add call is responsible for the malformed header.

@foxcpp
Copy link
Collaborator

foxcpp commented Apr 29, 2020
edited
Loading

Returning an error when formatting the header may make it more difficult to trace which Header.Add call is responsible for the malformed header.

Adding enough information to the error message to identify exact field that caused it can help.

I agree with your concerns regarding Header.Add. It is unexpected that Header.Add can fail and some people just ignore errors if it gets too verbose and "cannot possibly fail here".

@foxcpp
Copy link
Collaborator

foxcpp commented Apr 29, 2020

Therefore I think it is a good idea to move check to the formatting time and make error look like "Nth DKIM-Signature value contains invalid characters"

@dvalter dvalter force-pushed the feature/header-field-char-checks branch from ce2b371 to 0d51a5f Compare May 1, 2020 10:19
@dvalter
Copy link
Contributor Author

dvalter commented May 1, 2020

I moved checks to WriteHeader. However I'm not sure about error message format and the fact that we go there from the last header towards the first and error in header k does not mean any of k-n is fine.

Regarding rebase to master, in c512562 header type check was moved to a separate function, and I honestly have no idea how keep it clean and informative about what exact header is incorrect

@emersion
Copy link
Owner

emersion commented May 1, 2020
edited
Loading

Maybe this?

if _, err := w.Write(f.raw()); err != nil {
    return fmt.Errorf("failed to write header field #%v (%q): %w", len(h.l) - i, f.k, err)
}

@emersion
Copy link
Owner

emersion commented May 1, 2020

But I wonder if it's a good idea to export DisallowedCharacterError at all. Maybe we should wait for someone to ask for it. Depending on the use-case it may make sense to have e.g. HeaderFieldError.

@dvalter
Copy link
Contributor Author

dvalter commented May 1, 2020
edited
Loading

Maybe this?

In your example err is returned by writer.
There is the closest code I can come up with, in case we add this check to raw() or something close if there will be another validation function.

if rawField, err := f.raw(); err == nil {
	if _, err := w.Write(rawField); err != nil {
		return err
	}
} else {
	return fmt.Errorf("failed to write header field #%v (%q): %w", len(h.l) - i, f.k, err)
}

@dvalter
textproto: check header characters
b17a418 
Add checks for header field name according to RFC 6532 and disallow newline
characters in field values.
@dvalter dvalter force-pushed the feature/header-field-char-checks branch from 0d51a5f to b17a418 Compare May 2, 2020 20:34
emersion
emersion approved these changes May 28, 2020
View reviewed changes
Copy link
Owner

@emersion emersion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@emersion emersion merged commit d262af7 into emersion:master May 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@foxcpp foxcpp foxcpp left review comments

@emersion emersion emersion approved these changes

Assignees

No one assigned

Labels

breaking Breaking change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

RFC 5322 character use limitation

4 participants

@dvalter @foxcpp @codecov-io @emersion