FIX: Strip null bytes in mail subjects.

lib/email/receiver.rb

@@ -52,10 +52,12 @@ module Email
       raise EmptyEmailError if mail_string.blank?
       @staged_users = []
       @raw_email = mail_string
+
       COMMON_ENCODINGS.each do |encoding|
         fixed = try_to_encode(mail_string, encoding)
         break @raw_email = fixed if fixed.present?
       end
+
       @mail = Mail.new(@raw_email)
       @message_id = @mail.message_id.presence || Digest::MD5.hexdigest(mail_string)
       @opts = opts
@@ -482,7 +484,10 @@ module Email
     end
 
     def subject
-      @suject ||= @mail.subject.presence || I18n.t("emails.incoming.default_subject", email: @from_email)
+      @subject ||= begin
+        mail_subject = @mail.subject.delete("\u0000")
+        mail_subject.presence || I18n.t("emails.incoming.default_subject", email: @from_email)
+      end
     end
 
     def find_user(email)

spec/components/email/receiver_spec.rb

@@ -117,6 +117,12 @@ describe Email::Receiver do
     expect(IncomingEmail.last.error).to eq("RuntimeError")
   end
 
+  it "strips null bytes from the subject" do
+    expect do
+      process(:null_byte_in_subject)
+    end.to raise_error(Email::Receiver::BadDestinationAddress)
+  end
+
   context "bounces to VERP" do
 
     let(:bounce_key) { "14b08c855160d67f2e0c2f8ef36e251e" }

spec/fixtures/emails/null_byte_in_subject.eml

@@ -0,0 +1,11 @@
+Return-Path: <discourse@bar.com>
+From: Foo Bar <discourse@bar.com>
+To: category@foo.com
+Subject: =?ISO_8859-1?Q?testing=00?=
+Date: Fri, 15 Jan 2016 00:12:43 +0100
+Message-ID: <31@foo.bar.mail>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+Hey, this is a topic from a complete stranger ;)