kotovalexarian-likes-gitlab
/
hagrid-keyserver--hagrid
mirror of https://gitlab.com/hagrid-keyserver/hagrid.git
1
0
Fork 0
Code Releases Activity

mail: hotfix for lettre issue

This commit is contained in:
Vincent Breitmoser 2020-11-05 12:11:02 +01:00
parent 1640a9aa44
commit 612b58dd59
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
database/src/types.rs
View File

@ -40,6 +40,11 @@ impl TryFrom<&UserID> for Email {
let domain = idna::domain_to_ascii(domain)
.map_err(|e| anyhow!("punycode conversion failed: {:?}", e))?;
// TODO this is a hotfix for a lettre vulnerability. remove once fixed upstream.
if localpart.starts_with("-") {
return Err(anyhow!("malformed email address: '{:?}'", uid.value()));
}
// Join.
let address = format!("{}@{}", localpart, domain);
@ -205,4 +210,10 @@ mod tests {
assert_eq!(c("Foo@example.org").as_str(), "foo@example.org");
assert_eq!(c("foo@EXAMPLE.ORG").as_str(), "foo@example.org");
}
#[test]
fn email_vuln() {
assert!(Email::from_str("foo <-@EXAMPLE.ORG>").is_err());
assert!(Email::from_str("-@EXAMPLE.ORG").is_err());
}
}