diff options
author | Peter Williams <peterw@src.gnome.org> | 2000-08-01 03:57:49 +0800 |
---|---|---|
committer | Peter Williams <peterw@src.gnome.org> | 2000-08-01 03:57:49 +0800 |
commit | f67eb8f79172e77dadb0c02636409e087856baeb (patch) | |
tree | 7f1e6639419321bd4d39e2e86b7becd27de00bac /camel | |
parent | f2f9d28a0b9c5492f3760103a8e63a21aaf47c79 (diff) | |
download | gsoc2013-evolution-f67eb8f79172e77dadb0c02636409e087856baeb.tar.gz gsoc2013-evolution-f67eb8f79172e77dadb0c02636409e087856baeb.tar.zst gsoc2013-evolution-f67eb8f79172e77dadb0c02636409e087856baeb.zip |
A few string overrun checks for the mime parser
svn path=/trunk/; revision=4427
Diffstat (limited to 'camel')
-rw-r--r-- | camel/ChangeLog | 17 | ||||
-rw-r--r-- | camel/camel-mime-utils.c | 10 |
2 files changed, 21 insertions, 6 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index bad736e339..ea59fd9f79 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -52,6 +52,19 @@ item specifier for the header lines we need, appropriate to the server level. +2000-07-27 Peter Williams <peterw@helixcode.com> + + * camel-mime-utils.c (header_decode_lwsp): More + checks for end of string. + + * providers/imap/camel-imap-store.c: + (imap_command_extended): Free the elements of our + array (huge mem leak) + + * providers/imap/camel-imap-folder.c: + (summary_get_internal): Same as above. + + 2000-07-27 Jeffrey Stedfast <fejj@helixcode.com> * providers/imap/camel-imap-folder.c (camel_imap_folder_changed): @@ -105,7 +118,9 @@ * camel-mime-utils.c (header_references_decode): Return if the header is NULL -> or "" <-. Don't do our stupid mailer trick if we point to \0. - + (header_decode_quoted_string): Don't rip past end of + string! + 2000-07-26 Dan Winship <danw@helixcode.com> * camel-movemail.c (movemail_external): routine to call an diff --git a/camel/camel-mime-utils.c b/camel/camel-mime-utils.c index e6b7e0350b..edfda90ed8 100644 --- a/camel/camel-mime-utils.c +++ b/camel/camel-mime-utils.c @@ -794,8 +794,8 @@ header_decode_lwsp(const char **in) d2(printf("is ws: '%s'\n", *in)); - while (is_lwsp(*inptr) || *inptr =='(') { - while (is_lwsp(*inptr)) { + while (is_lwsp(*inptr) || *inptr =='(' && *inptr != '\0') { + while (is_lwsp(*inptr) && inptr != '\0') { d2(printf("(%c)", *inptr)); inptr++; } @@ -805,7 +805,7 @@ header_decode_lwsp(const char **in) if (*inptr == '(') { int depth = 1; inptr++; - while (depth && (c=*inptr)) { + while (depth && (c=*inptr) && *inptr != '\0') { if (c=='\\' && inptr[1]) { inptr++; } else if (c=='(') { @@ -1122,7 +1122,7 @@ header_decode_quoted_string(const char **in) /* first, calc length */ inptr++; intmp = inptr; - while ( (c = *intmp++) && c!= '"' ) { + while ( (c = *intmp++) && c!= '"' && c != '\0') { if (c=='\\' && *intmp) { intmp++; skip++; @@ -1130,7 +1130,7 @@ header_decode_quoted_string(const char **in) } outlen = intmp-inptr-skip; out = outptr = g_malloc(outlen+1); - while ( (c = *inptr++) && c!= '"' ) { + while ( (c = *inptr++) && c!= '"' && c != '\0') { if (c=='\\' && *inptr) { c = *inptr++; } |