diff options
author | Jeffrey Stedfast <fejj@helixcode.com> | 2000-11-17 15:18:56 +0800 |
---|---|---|
committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2000-11-17 15:18:56 +0800 |
commit | e14164702f1e20019996f4bbdf272843538de833 (patch) | |
tree | ae5c37ce0718920b79db538dd7936e23afadf7ca /camel | |
parent | 25107cd4d712e05a366ccf772ed0ca40aaaecaa9 (diff) | |
download | gsoc2013-evolution-e14164702f1e20019996f4bbdf272843538de833.tar.gz gsoc2013-evolution-e14164702f1e20019996f4bbdf272843538de833.tar.zst gsoc2013-evolution-e14164702f1e20019996f4bbdf272843538de833.zip |
Use the byte-read count to decrement the number of bytes left to read
2000-11-17 Jeffrey Stedfast <fejj@helixcode.com>
* providers/imap/camel-imap-command.c (imap_read_untagged): Use
the byte-read count to decrement the number of bytes left to read
rather than using strlen. Not only does this protect against a DoS
(embedded NUL chars in the literal string would make strlen
inaccurate) but it also improves performace a little.
* camel-remote-store.c (remote_recv_line): *Sigh* Return the
number of bytes read on success rather than 0. Also don't use
camel_stream_buffer_read_line since we can't get an accurate octet
count.
svn path=/trunk/; revision=6599
Diffstat (limited to 'camel')
-rw-r--r-- | camel/ChangeLog | 13 | ||||
-rw-r--r-- | camel/camel-remote-store.c | 31 | ||||
-rw-r--r-- | camel/providers/imap/camel-imap-command.c | 10 |
3 files changed, 46 insertions, 8 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index d150562199..38ec264d57 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,16 @@ +2000-11-17 Jeffrey Stedfast <fejj@helixcode.com> + + * providers/imap/camel-imap-command.c (imap_read_untagged): Use + the byte-read count to decrement the number of bytes left to read + rather than using strlen. Not only does this protect against a DoS + (embedded NUL chars in the literal string would make strlen + inaccurate) but it also improves performace a little. + + * camel-remote-store.c (remote_recv_line): *Sigh* Return the + number of bytes read on success rather than 0. Also don't use + camel_stream_buffer_read_line since we can't get an accurate octet + count. + 2000-11-17 Not Zed <NotZed@HelixCode.com> * camel-stream-buffer.c (camel_stream_buffer_gets): We should diff --git a/camel/camel-remote-store.c b/camel/camel-remote-store.c index eeca0d4080..ee5bf60b10 100644 --- a/camel/camel-remote-store.c +++ b/camel/camel-remote-store.c @@ -404,10 +404,13 @@ camel_remote_store_send_stream (CamelRemoteStore *store, CamelStream *stream, Ca return CRSC (store)->send_stream (store, stream, ex); } -static gint +static int remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex) { CamelStreamBuffer *stream = CAMEL_STREAM_BUFFER (store->istream); + GByteArray *bytes; + gchar buf[1024], *ret; + guint nread; *dest = NULL; @@ -428,7 +431,29 @@ remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex) return -1; } - *dest = camel_stream_buffer_read_line (stream); + bytes = g_byte_array_new (); + + nread = 1024; + while (nread == 1024) { + nread = camel_stream_buffer_gets (stream, buf, 1024); + if (nread > 0) + g_byte_array_append (bytes, buf, nread - 1); + } + + g_byte_array_append (bytes, "", 1); + ret = bytes->data; + nread = bytes->len - 1; + g_byte_array_free (bytes, FALSE); + + /* strip off the CRLF sequence at the end of the string */ + for ( ; nread > 0; nread--) { + if (ret[nread] == '\r') { + ret[nread] = '\0'; + break; + } + } + + *dest = ret; if (!*dest) { camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE, @@ -443,7 +468,7 @@ remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex) fprintf (stderr, "received: %s\n", *dest); #endif - return 0; + return nread; } /** diff --git a/camel/providers/imap/camel-imap-command.c b/camel/providers/imap/camel-imap-command.c index e9808d5a1f..f1be74b4a9 100644 --- a/camel/providers/imap/camel-imap-command.c +++ b/camel/providers/imap/camel-imap-command.c @@ -239,6 +239,7 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex) int fulllen, length, left, i; GPtrArray *data; char *end, *p; + int n; p = strrchr (line, '{'); if (!p) @@ -257,8 +258,7 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex) g_ptr_array_add (data, line); left = length; while (1) { - if (camel_remote_store_recv_line (CAMEL_REMOTE_STORE (store), - &line, ex) < 0) { + if ((n = camel_remote_store_recv_line (CAMEL_REMOTE_STORE (store), &line, ex)) < 0) { for (i = 0; i < data->len; i++) g_free (data->pdata[i]); g_ptr_array_free (data, TRUE); @@ -268,9 +268,9 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex) if (left <= 0) break; - - left -= strlen (line) + 2; - + + left -= n + 2; + /* The output string will have only LF, not CRLF, so * decrement the length by one. */ |