summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--mailinfo.c11
-rwxr-xr-xt/t4254-am-corrupt.sh53
2 files changed, 58 insertions, 6 deletions
diff --git a/mailinfo.c b/mailinfo.c
index 742fa376ab..5681d9130d 100644
--- a/mailinfo.c
+++ b/mailinfo.c
@@ -447,19 +447,21 @@ static int convert_to_utf8(struct mailinfo *mi,
struct strbuf *line, const char *charset)
{
char *out;
+ size_t out_len;
if (!mi->metainfo_charset || !charset || !*charset)
return 0;
if (same_encoding(mi->metainfo_charset, charset))
return 0;
- out = reencode_string(line->buf, mi->metainfo_charset, charset);
+ out = reencode_string_len(line->buf, line->len,
+ mi->metainfo_charset, charset, &out_len);
if (!out) {
mi->input_error = -1;
return error("cannot convert from %s to %s",
charset, mi->metainfo_charset);
}
- strbuf_attach(line, out, strlen(out), strlen(out));
+ strbuf_attach(line, out, out_len, out_len);
return 0;
}
@@ -1136,6 +1138,11 @@ static void handle_info(struct mailinfo *mi)
else
continue;
+ if (memchr(hdr->buf, '\0', hdr->len)) {
+ error("a NUL byte in '%s' is not allowed.", header[i]);
+ mi->input_error = -1;
+ }
+
if (!strcmp(header[i], "Subject")) {
if (!mi->keep_subject) {
cleanup_subject(mi, hdr);
diff --git a/t/t4254-am-corrupt.sh b/t/t4254-am-corrupt.sh
index fd3bdbfe2c..daf01c309d 100755
--- a/t/t4254-am-corrupt.sh
+++ b/t/t4254-am-corrupt.sh
@@ -3,6 +3,37 @@
test_description='git am with corrupt input'
. ./test-lib.sh
+make_mbox_with_nul () {
+ space=' '
+ q_nul_in_subject=
+ q_nul_in_body=
+ while test $# -ne 0
+ do
+ case "$1" in
+ subject) q_nul_in_subject='=00' ;;
+ body) q_nul_in_body='=00' ;;
+ esac &&
+ shift
+ done &&
+ cat <<-EOF
+ From ec7364544f690c560304f5a5de9428ea3b978b26 Mon Sep 17 00:00:00 2001
+ From: A U Thor <author@example.com>
+ Date: Sun, 19 Apr 2020 13:42:07 +0700
+ Subject: [PATCH] =?ISO-8859-1?q?=C4=CB${q_nul_in_subject}=D1=CF=D6?=
+ MIME-Version: 1.0
+ Content-Type: text/plain; charset=ISO-8859-1
+ Content-Transfer-Encoding: quoted-printable
+
+ abc${q_nul_in_body}def
+ ---
+ diff --git a/afile b/afile
+ new file mode 100644
+ index 0000000000..e69de29bb2
+ --$space
+ 2.26.1
+ EOF
+}
+
test_expect_success setup '
# Note the missing "+++" line:
cat >bad-patch.diff <<-\EOF &&
@@ -25,13 +56,27 @@ test_expect_success setup '
# fatal: unable to write file '(null)' mode 100644: Bad address
# Also, it had the unwanted side-effect of deleting f.
test_expect_success 'try to apply corrupted patch' '
- test_must_fail git -c advice.amWorkDir=false am bad-patch.diff 2>actual
-'
-
-test_expect_success 'compare diagnostic; ensure file is still here' '
+ test_when_finished "git am --abort" &&
+ test_must_fail git -c advice.amWorkDir=false am bad-patch.diff 2>actual &&
echo "error: git diff header lacks filename information (line 4)" >expected &&
test_path_is_file f &&
test_i18ncmp expected actual
'
+test_expect_success "NUL in commit message's body" '
+ test_when_finished "git am --abort" &&
+ make_mbox_with_nul body >body.patch &&
+ test_must_fail git am body.patch 2>err &&
+ grep "a NUL byte in commit log message not allowed" err
+'
+
+test_expect_success "NUL in commit message's header" "
+ test_when_finished 'git am --abort' &&
+ make_mbox_with_nul subject >subject.patch &&
+ test_must_fail git mailinfo msg patch <subject.patch 2>err &&
+ grep \"a NUL byte in 'Subject' is not allowed\" err &&
+ test_must_fail git am subject.patch 2>err &&
+ grep \"a NUL byte in 'Subject' is not allowed\" err
+"
+
test_done