letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

RA: Reject emails that end with '#' (#6267) 

The Fragment field of a parsed URL is only non-empty if there is
text following the octothorpe character. Check for the case that
the mailto: address ends in an octothorpe with no trailing value.

Fixes #6231
This commit is contained in:
Aaron Gable 2022-08-01 14:05:23 -07:00 committed by GitHub
parent cdf1d321a5
commit 631ff88451
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ra/ra.go
View File

@ -471,7 +471,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
if parsed.RawQuery != "" || contact[len(contact)-1] == '?' {
return berrors.InvalidEmailError("contact email %q contains a question mark", contact)
}
if parsed.Fragment != "" {
if parsed.Fragment != "" || contact[len(contact)-1] == '#' {
return berrors.InvalidEmailError("contact email %q contains a '#'", contact)
}
if !core.IsASCII(contact) {

3
ra/ra_test.go
View File

@ -419,6 +419,9 @@ func TestValidateContacts(t *testing.T) {
err = ra.validateContacts(context.Background(), []string{"mailto:example@a.com?"})
test.AssertError(t, err, "No hfields in email")
err = ra.validateContacts(context.Background(), []string{"mailto:example@a.com#"})
test.AssertError(t, err, "No fragment")
err = ra.validateContacts(context.Background(), []string{"mailto:example@a.com#optional"})
test.AssertError(t, err, "No fragment")