Merge pull request trusteddomainproject#179 from futatuki/arc_parse_h…

…eader_field-check-field-name-len From the restriction of RFC5322 section 2.1.1 and section 2.2, length of email header field name cannot be more than 997. With this PR, we define a constant macro for it, and then apply this restriction on parsing header field. Also, reduce size of a buffer for copying header field name. trusteddomainproject#179
futatuki · Sep 18, 2024 · 99b6e7d · 99b6e7d
2 parents 47d735a + b2fd0c8
commit 99b6e7d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/libopenarc/arc.c b/libopenarc/arc.c
@@ -2466,7 +2466,7 @@ arc_parse_header_field(ARC_MESSAGE *msg, u_char *hdr, size_t hlen,
 		end--;
 
 	/* don't allow incredibly large field names */
-	if (end - hdr > ARC_MAXHEADER)
+	if (end - hdr > ARC_MAXHDRNAMELEN)
 		return ARC_STAT_SYNTAX;
 
 	/* don't allow a field name containing a semicolon */
@@ -2816,8 +2816,8 @@ arc_eoh(ARC_MESSAGE *msg)
 
 	for (h = msg->arc_hhead; h != NULL; h = h->hdr_next)
 	{
-		char hnbuf[ARC_MAXHEADER + 1];
-		assert(h->hdr_namelen <= ARC_MAXHEADER);
+		char hnbuf[ARC_MAXHDRNAMELEN + 1];
+		assert(h->hdr_namelen <= ARC_MAXHDRNAMELEN);
 
 		memset(hnbuf, '\0', sizeof hnbuf);
 		strncpy(hnbuf, h->hdr_text, h->hdr_namelen);

diff --git a/libopenarc/arc.h b/libopenarc/arc.h
@@ -46,6 +46,8 @@ extern "C" {
 #define ARC_HDRMARGIN		75	/* "standard" header margin */
 #define ARC_MAXHEADER		4096	/* buffer for caching one header */
 #define	ARC_MAXHOSTNAMELEN	256	/* max. FQDN we support */
+#define ARC_MAXLINELEN		1000	/* physical line limit (RFC5321) */
+#define ARC_MAXHDRNAMELEN	(ARC_MAXLINELEN - 3) /* deduct ":" CRLF */
 
 #define	ARC_AR_HDRNAME		"ARC-Authentication-Results"
 #define	ARC_DEFAULT_MINKEYSIZE	1024