mailinfo: don't decode invalid =XY quoted-printable sequences
authorRené Scharfe <l.s.r@web.de>
Sat, 23 Sep 2017 18:04:40 +0000 (20:04 +0200)
committerJunio C Hamano <gitster@pobox.com>
Sun, 24 Sep 2017 01:29:19 +0000 (10:29 +0900)
Decode =XY in quoted-printable segments only if X and Y are hexadecimal
digits, otherwise just copy them. That's at least better than
interpreting negative results from hexval() as a character.

Reported-by: Jeff King <peff@peff.net>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
mailinfo.c
index b4118a02757212871e3402532ab5c422a5ba043f..5a597ef89ca6f8cfc0affe0ec3659d663f680b4b 100644 (file)
@@ -367,11 +367,16 @@ static struct strbuf *decode_q_segment(const struct strbuf *q_seg, int rfc2047)
 
        while ((c = *in++) != 0) {
                if (c == '=') {
-                       int d = *in++;
+                       int ch, d = *in;
                        if (d == '\n' || !d)
                                break; /* drop trailing newline */
-                       strbuf_addch(out, (hexval(d) << 4) | hexval(*in++));
-                       continue;
+                       ch = hex2chr(in);
+                       if (ch >= 0) {
+                               strbuf_addch(out, ch);
+                               in += 2;
+                               continue;
+                       }
+                       /* garbage -- fall through */
                }
                if (rfc2047 && c == '_') /* rfc2047 4.2 (2) */
                        c = 0x20;