Mail: stricter IMAP literals validation.

As clarified in RFC 3501, Section 7.5, literals are followed either by SP, for additional command arguments, or CRLF.
author: Sergey Kandaurov <pluknet@nginx.com> 2026-02-27 21:18:16 +0400
committer: Sergey Kandaurov <s.kandaurov@f5.com> 2026-03-04 12:08:09 +0400
commit: aa65a60fc7bcef4152152cf5a4e87f04cad54368 (patch)
tree: 5083d0a474d64d7127105e25f9eff974c1d8395f /src/mail
parent: 9e7f0f4c538e5bbd7a5662786724491ee4eaa42e (diff)
download: nginx-aa65a60fc7bcef4152152cf5a4e87f04cad54368.tar.gz
nginx-aa65a60fc7bcef4152152cf5a4e87f04cad54368.tar.bz2
1 files changed, 4 insertions, 8 deletions
diff --git a/src/mail/ngx_mail_parse.c b/src/mail/ngx_mail_parse.c
index 4db1f18d3..a694bf6b6 100644
--- a/src/mail/ngx_mail_parse.c
+++ b/src/mail/ngx_mail_parse.c
@@ -598,20 +598,16 @@ ngx_mail_imap_parse_command(ngx_mail_session_t *s)
 
         case sw_end_literal_argument:
             switch (ch) {
-            case '{':
-                if (s->args.nelts <= 2) {
-                    state = sw_literal;
-                    break;
-                }
-                goto invalid;
+            case ' ':
+                state = sw_spaces_before_argument;
+                break;
             case CR:
                 state = sw_almost_done;
                 break;
             case LF:
                 goto done;
             default:
-                state = sw_spaces_before_argument;
-                break;
+                goto invalid;
             }
             break;
author	Sergey Kandaurov <pluknet@nginx.com>	2026-02-27 21:18:16 +0400
committer	Sergey Kandaurov <s.kandaurov@f5.com>	2026-03-04 12:08:09 +0400
commit	aa65a60fc7bcef4152152cf5a4e87f04cad54368 (patch)
tree	5083d0a474d64d7127105e25f9eff974c1d8395f /src/mail
parent	9e7f0f4c538e5bbd7a5662786724491ee4eaa42e (diff)
download	nginx-aa65a60fc7bcef4152152cf5a4e87f04cad54368.tar.gz nginx-aa65a60fc7bcef4152152cf5a4e87f04cad54368.tar.bz2