aboutsummaryrefslogtreecommitdiffstats
path: root/camel
diff options
context:
space:
mode:
authorPeter Williams <peterw@src.gnome.org>2000-08-01 03:57:49 +0800
committerPeter Williams <peterw@src.gnome.org>2000-08-01 03:57:49 +0800
commitf67eb8f79172e77dadb0c02636409e087856baeb (patch)
tree7f1e6639419321bd4d39e2e86b7becd27de00bac /camel
parentf2f9d28a0b9c5492f3760103a8e63a21aaf47c79 (diff)
downloadgsoc2013-evolution-f67eb8f79172e77dadb0c02636409e087856baeb.tar.gz
gsoc2013-evolution-f67eb8f79172e77dadb0c02636409e087856baeb.tar.zst
gsoc2013-evolution-f67eb8f79172e77dadb0c02636409e087856baeb.zip
A few string overrun checks for the mime parser
svn path=/trunk/; revision=4427
Diffstat (limited to 'camel')
-rw-r--r--camel/ChangeLog17
-rw-r--r--camel/camel-mime-utils.c10
2 files changed, 21 insertions, 6 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index bad736e339..ea59fd9f79 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -52,6 +52,19 @@
item specifier for the header lines we need, appropriate to the
server level.
+2000-07-27 Peter Williams <peterw@helixcode.com>
+
+ * camel-mime-utils.c (header_decode_lwsp): More
+ checks for end of string.
+
+ * providers/imap/camel-imap-store.c:
+ (imap_command_extended): Free the elements of our
+ array (huge mem leak)
+
+ * providers/imap/camel-imap-folder.c:
+ (summary_get_internal): Same as above.
+
+
2000-07-27 Jeffrey Stedfast <fejj@helixcode.com>
* providers/imap/camel-imap-folder.c (camel_imap_folder_changed):
@@ -105,7 +118,9 @@
* camel-mime-utils.c (header_references_decode): Return
if the header is NULL -> or "" <-. Don't do our stupid
mailer trick if we point to \0.
-
+ (header_decode_quoted_string): Don't rip past end of
+ string!
+
2000-07-26 Dan Winship <danw@helixcode.com>
* camel-movemail.c (movemail_external): routine to call an
diff --git a/camel/camel-mime-utils.c b/camel/camel-mime-utils.c
index e6b7e0350b..edfda90ed8 100644
--- a/camel/camel-mime-utils.c
+++ b/camel/camel-mime-utils.c
@@ -794,8 +794,8 @@ header_decode_lwsp(const char **in)
d2(printf("is ws: '%s'\n", *in));
- while (is_lwsp(*inptr) || *inptr =='(') {
- while (is_lwsp(*inptr)) {
+ while (is_lwsp(*inptr) || *inptr =='(' && *inptr != '\0') {
+ while (is_lwsp(*inptr) && inptr != '\0') {
d2(printf("(%c)", *inptr));
inptr++;
}
@@ -805,7 +805,7 @@ header_decode_lwsp(const char **in)
if (*inptr == '(') {
int depth = 1;
inptr++;
- while (depth && (c=*inptr)) {
+ while (depth && (c=*inptr) && *inptr != '\0') {
if (c=='\\' && inptr[1]) {
inptr++;
} else if (c=='(') {
@@ -1122,7 +1122,7 @@ header_decode_quoted_string(const char **in)
/* first, calc length */
inptr++;
intmp = inptr;
- while ( (c = *intmp++) && c!= '"' ) {
+ while ( (c = *intmp++) && c!= '"' && c != '\0') {
if (c=='\\' && *intmp) {
intmp++;
skip++;
@@ -1130,7 +1130,7 @@ header_decode_quoted_string(const char **in)
}
outlen = intmp-inptr-skip;
out = outptr = g_malloc(outlen+1);
- while ( (c = *inptr++) && c!= '"' ) {
+ while ( (c = *inptr++) && c!= '"' && c != '\0') {
if (c=='\\' && *inptr) {
c = *inptr++;
}