emersion / go-milter

Go library to write mail filters
BSD 2-Clause "Simplified" License
42 stars 19 forks source link

decodeCStrings() behavior for invalid bytes #32

Closed Isma399 closed 6 months ago

Isma399 commented 6 months ago

Hello,

I'm wondering in this entrypoint of client data should better be checked: https://github.com/emersion/go-milter/blob/d69e17e0d387cba72aaf52b94113de9f924f93a6/session.go#L179 or in https://github.com/emersion/go-milter/blob/d69e17e0d387cba72aaf52b94113de9f924f93a6/cstrings.go#L12

Because invalid bytes can then be forwarded to milter_client and cause unexpected behavior.

I am not sure but maybe it's needed here to use utf8.ValidString() or utf8.RuneError() before pushing it to []string ? Or this processing should be handled by the go-milter users?

emersion commented 6 months ago

In general I don't think Go strings are guaranteed to contain valid UTF-8. I don't think it's the responsibility of the library to convert to UTF-8, it would probably be incorrect to do so (e-mail standards allow non-UTF-8 encodings).