FIX: Strip null bytes in mail subjects.

2018-10-11 09:46:32 +08:00 · 2018-10-11 09:46:32 +08:00 · 5039a6c3f1
parent ffc241eb25
commit 5039a6c3f1
3 changed files with 12 additions and 1 deletions
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@ -52,10 +52,12 @@ module Email
      raise EmptyEmailError if mail_string.blank?
      @staged_users = []
      @raw_email = mail_string
+
      COMMON_ENCODINGS.each do |encoding|
        fixed = try_to_encode(mail_string, encoding)
        break @raw_email = fixed if fixed.present?
      end
+
      @mail = Mail.new(@raw_email)
      @message_id = @mail.message_id.presence || Digest::MD5.hexdigest(mail_string)
      @opts = opts
@ -482,7 +484,10 @@ module Email
    end

    def subject
-      @suject ||= @mail.subject.presence || I18n.t("emails.incoming.default_subject", email: @from_email)
+      @subject ||= begin
+        mail_subject = @mail.subject.delete("\u0000")
+        mail_subject.presence || I18n.t("emails.incoming.default_subject", email: @from_email)
+      end
    end

    def find_user(email)
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@ -117,6 +117,12 @@ describe Email::Receiver do
    expect(IncomingEmail.last.error).to eq("RuntimeError")
  end

+  it "strips null bytes from the subject" do
+    expect do
+      process(:null_byte_in_subject)
+    end.to raise_error(Email::Receiver::BadDestinationAddress)
+  end
+
  context "bounces to VERP" do

    let(:bounce_key) { "14b08c855160d67f2e0c2f8ef36e251e" }
--- a/spec/fixtures/emails/null_byte_in_subject.eml
+++ b/spec/fixtures/emails/null_byte_in_subject.eml