Overview

File apache-commons-email-CVE-2018-1294.patch of Package apache-commons-email.7734

Index: commons-email-1.2-src/src/java/org/apache/commons/mail/Email.java
===================================================================
--- commons-email-1.2-src.orig/src/java/org/apache/commons/mail/Email.java
+++ commons-email-1.2-src/src/java/org/apache/commons/mail/Email.java
@@ -1051,7 +1051,7 @@ public abstract class Email
      */
     public Email setSubject(String aSubject)
     {
-        this.subject = aSubject;
+        this.subject = EmailUtils.replaceEndOfLineCharactersWithSpaces(aSubject);
         return this;
     }
 
@@ -1063,7 +1063,23 @@ public abstract class Email
      */
     public Email setBounceAddress(String email)
     {
-        this.bounceAddress = email;
+	if (email != null && !email.isEmpty())
+	{
+	    try
+	    {
+	         this.bounceAddress = createInternetAddress(email, null, this.charset).getAddress();
+	    }
+	    catch (final EmailException e)
+	    {
+	        // Can't throw 'EmailException' to keep backward-compatibility                                                      
+		throw new IllegalArgumentException("Failed to set the bounce address : " + email, e);
+	    }
+	}
+	else
+	    {
+		this.bounceAddress = email;
+	    }
+
         return this;
     }
 
Index: commons-email-1.2-src/src/java/org/apache/commons/mail/EmailUtils.java
===================================================================
--- commons-email-1.2-src.orig/src/java/org/apache/commons/mail/EmailUtils.java
+++ commons-email-1.2-src/src/java/org/apache/commons/mail/EmailUtils.java
@@ -227,6 +227,17 @@ final class EmailUtils
         return buffer.toString();
     }
 
+    /**                                                                                                                  
+     * Replaces end-of-line characters with spaces.                                                                      
+     *                                                                                                                   
+     * @param input the input string to be scanned.                                                                      
+     * @return a clean string                                                                                            
+     */
+     static String replaceEndOfLineCharactersWithSpaces(final String input)
+     {
+	return input == null ? null : input.replace('\n', ' ').replace('\r', ' ');
+     }
+
     /**
      * Convinience method to write a MimeMessage into a file.
      *
Index: commons-email-1.2-src/src/test/org/apache/commons/mail/BaseEmailTestCase.java
===================================================================
--- commons-email-1.2-src.orig/src/test/org/apache/commons/mail/BaseEmailTestCase.java
+++ commons-email-1.2-src/src/test/org/apache/commons/mail/BaseEmailTestCase.java
@@ -85,10 +85,18 @@ public abstract class BaseEmailTestCase
             "A",
             "\uc5ec",
             "0123456789",
-            "012345678901234567890",
-            "\n"
+            "012345678901234567890"
     };
 
+    /** Test characters not acceptable to email */
+    protected String[] endOfLineCombinations =
+    {
+	    "\n",
+	    "\r",
+	    "\r\n",
+	    "\n\r"
+    }
+
     /** Array of test strings */
     protected String[] testCharsNotValid = {"", null};
openSUSE Build Service is sponsored by
Places