diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb index f2103c74196..c5fe6280a97 100644 --- a/lib/email/receiver.rb +++ b/lib/email/receiver.rb @@ -52,10 +52,12 @@ module Email raise EmptyEmailError if mail_string.blank? @staged_users = [] @raw_email = mail_string + COMMON_ENCODINGS.each do |encoding| fixed = try_to_encode(mail_string, encoding) break @raw_email = fixed if fixed.present? end + @mail = Mail.new(@raw_email) @message_id = @mail.message_id.presence || Digest::MD5.hexdigest(mail_string) @opts = opts @@ -482,7 +484,10 @@ module Email end def subject - @suject ||= @mail.subject.presence || I18n.t("emails.incoming.default_subject", email: @from_email) + @subject ||= begin + mail_subject = @mail.subject.delete("\u0000") + mail_subject.presence || I18n.t("emails.incoming.default_subject", email: @from_email) + end end def find_user(email) diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb index fb45da0ccca..8248e6024bc 100644 --- a/spec/components/email/receiver_spec.rb +++ b/spec/components/email/receiver_spec.rb @@ -117,6 +117,12 @@ describe Email::Receiver do expect(IncomingEmail.last.error).to eq("RuntimeError") end + it "strips null bytes from the subject" do + expect do + process(:null_byte_in_subject) + end.to raise_error(Email::Receiver::BadDestinationAddress) + end + context "bounces to VERP" do let(:bounce_key) { "14b08c855160d67f2e0c2f8ef36e251e" } diff --git a/spec/fixtures/emails/null_byte_in_subject.eml b/spec/fixtures/emails/null_byte_in_subject.eml new file mode 100644 index 00000000000..59a6f3bf3cc --- /dev/null +++ b/spec/fixtures/emails/null_byte_in_subject.eml @@ -0,0 +1,11 @@ +Return-Path: +From: Foo Bar +To: category@foo.com +Subject: =?ISO_8859-1?Q?testing=00?= +Date: Fri, 15 Jan 2016 00:12:43 +0100 +Message-ID: <31@foo.bar.mail> +Mime-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +Hey, this is a topic from a complete stranger ;)