From 2779c381ec0d8f6fdac084f439e4977f722284d9 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@operamail.com>
Date: Sat, 20 Sep 2014 12:49:24 +0200
Subject: verify that headers in messages are encoded with proper utf-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@operamail.com>
---
 src/libmdsserver/mds-message.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/libmdsserver/mds-message.c b/src/libmdsserver/mds-message.c
index a5b9b95..d616355 100644
--- a/src/libmdsserver/mds-message.c
+++ b/src/libmdsserver/mds-message.c
@@ -18,6 +18,7 @@
 #include "mds-message.h"
 
 #include "macros.h"
+#include "util.h"
 
 #include <stdlib.h>
 #include <string.h>
@@ -179,7 +180,7 @@ static int get_payload_length(mds_message_t* restrict this)
 
 
 /**
- * Verify that a header is correctly formated
+ * Verify that a header is correctly formatted
  * 
  * @param   header  The header, must be NUL-terminated
  * @param   length  The length of the header
@@ -189,6 +190,11 @@ static int __attribute__((pure)) validate_header(const char* header, size_t leng
 {
   char* p = memchr(header, ':', length * sizeof(char));
   
+  if (verify_utf8(header, 0) < 0)
+    /* Either the string is not UTF-8, or your are under an UTF-8 attack,
+       lets just call this unrecoverable because the client will not correct. */
+    return -2;
+  
   if ((p == NULL) || /* Buck you, rawmemchr should not segfault the program. */
       (p[1] != ' ')) /* Also an invalid format. ' ' is mandated after the ':'. */
     return -2;
-- 
cgit v1.2.3-70-g09d2