aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeffrey Stedfast <fejj@helixcode.com>2000-11-17 15:18:56 +0800
committerJeffrey Stedfast <fejj@src.gnome.org>2000-11-17 15:18:56 +0800
commite14164702f1e20019996f4bbdf272843538de833 (patch)
treeae5c37ce0718920b79db538dd7936e23afadf7ca
parent25107cd4d712e05a366ccf772ed0ca40aaaecaa9 (diff)
downloadgsoc2013-evolution-e14164702f1e20019996f4bbdf272843538de833.tar.gz
gsoc2013-evolution-e14164702f1e20019996f4bbdf272843538de833.tar.zst
gsoc2013-evolution-e14164702f1e20019996f4bbdf272843538de833.zip
Use the byte-read count to decrement the number of bytes left to read
2000-11-17 Jeffrey Stedfast <fejj@helixcode.com> * providers/imap/camel-imap-command.c (imap_read_untagged): Use the byte-read count to decrement the number of bytes left to read rather than using strlen. Not only does this protect against a DoS (embedded NUL chars in the literal string would make strlen inaccurate) but it also improves performace a little. * camel-remote-store.c (remote_recv_line): *Sigh* Return the number of bytes read on success rather than 0. Also don't use camel_stream_buffer_read_line since we can't get an accurate octet count. svn path=/trunk/; revision=6599
-rw-r--r--camel/ChangeLog13
-rw-r--r--camel/camel-remote-store.c31
-rw-r--r--camel/providers/imap/camel-imap-command.c10
3 files changed, 46 insertions, 8 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index d150562199..38ec264d57 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,16 @@
+2000-11-17 Jeffrey Stedfast <fejj@helixcode.com>
+
+ * providers/imap/camel-imap-command.c (imap_read_untagged): Use
+ the byte-read count to decrement the number of bytes left to read
+ rather than using strlen. Not only does this protect against a DoS
+ (embedded NUL chars in the literal string would make strlen
+ inaccurate) but it also improves performace a little.
+
+ * camel-remote-store.c (remote_recv_line): *Sigh* Return the
+ number of bytes read on success rather than 0. Also don't use
+ camel_stream_buffer_read_line since we can't get an accurate octet
+ count.
+
2000-11-17 Not Zed <NotZed@HelixCode.com>
* camel-stream-buffer.c (camel_stream_buffer_gets): We should
diff --git a/camel/camel-remote-store.c b/camel/camel-remote-store.c
index eeca0d4080..ee5bf60b10 100644
--- a/camel/camel-remote-store.c
+++ b/camel/camel-remote-store.c
@@ -404,10 +404,13 @@ camel_remote_store_send_stream (CamelRemoteStore *store, CamelStream *stream, Ca
return CRSC (store)->send_stream (store, stream, ex);
}
-static gint
+static int
remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex)
{
CamelStreamBuffer *stream = CAMEL_STREAM_BUFFER (store->istream);
+ GByteArray *bytes;
+ gchar buf[1024], *ret;
+ guint nread;
*dest = NULL;
@@ -428,7 +431,29 @@ remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex)
return -1;
}
- *dest = camel_stream_buffer_read_line (stream);
+ bytes = g_byte_array_new ();
+
+ nread = 1024;
+ while (nread == 1024) {
+ nread = camel_stream_buffer_gets (stream, buf, 1024);
+ if (nread > 0)
+ g_byte_array_append (bytes, buf, nread - 1);
+ }
+
+ g_byte_array_append (bytes, "", 1);
+ ret = bytes->data;
+ nread = bytes->len - 1;
+ g_byte_array_free (bytes, FALSE);
+
+ /* strip off the CRLF sequence at the end of the string */
+ for ( ; nread > 0; nread--) {
+ if (ret[nread] == '\r') {
+ ret[nread] = '\0';
+ break;
+ }
+ }
+
+ *dest = ret;
if (!*dest) {
camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
@@ -443,7 +468,7 @@ remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex)
fprintf (stderr, "received: %s\n", *dest);
#endif
- return 0;
+ return nread;
}
/**
diff --git a/camel/providers/imap/camel-imap-command.c b/camel/providers/imap/camel-imap-command.c
index e9808d5a1f..f1be74b4a9 100644
--- a/camel/providers/imap/camel-imap-command.c
+++ b/camel/providers/imap/camel-imap-command.c
@@ -239,6 +239,7 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex)
int fulllen, length, left, i;
GPtrArray *data;
char *end, *p;
+ int n;
p = strrchr (line, '{');
if (!p)
@@ -257,8 +258,7 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex)
g_ptr_array_add (data, line);
left = length;
while (1) {
- if (camel_remote_store_recv_line (CAMEL_REMOTE_STORE (store),
- &line, ex) < 0) {
+ if ((n = camel_remote_store_recv_line (CAMEL_REMOTE_STORE (store), &line, ex)) < 0) {
for (i = 0; i < data->len; i++)
g_free (data->pdata[i]);
g_ptr_array_free (data, TRUE);
@@ -268,9 +268,9 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex)
if (left <= 0)
break;
-
- left -= strlen (line) + 2;
-
+
+ left -= n + 2;
+
/* The output string will have only LF, not CRLF, so
* decrement the length by one.
*/