aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mail/ChangeLog7
-rw-r--r--mail/mail-display.c5
2 files changed, 12 insertions, 0 deletions
diff --git a/mail/ChangeLog b/mail/ChangeLog
index 7b553f817e..a8be5524cc 100644
--- a/mail/ChangeLog
+++ b/mail/ChangeLog
@@ -2,6 +2,13 @@
Security vulnerability fixes.
+ * mail-display.c (do_external_viewer): Make sure that we don't
+ launch a bonobo control to view a mime-type that we handle
+ internally, otherwise maliciously formed HTML mail using <object>
+ tags could potentially launch a bonobo vontrol to view the mime
+ part bypassing any checks that Evolution might do on the data
+ normally.
+
* mail-format.c (handle_text_html, attachment_header)
(handle_image, handle_via_bonobo): Encode the result from
get_cid() so that malicious Content-Id strings cannot bypass the
diff --git a/mail/mail-display.c b/mail/mail-display.c
index 83387bde92..955de714ea 100644
--- a/mail/mail-display.c
+++ b/mail/mail-display.c
@@ -1081,6 +1081,11 @@ do_external_viewer (GtkHTML *html, GtkHTMLEmbedded *eb,
CORBA_Environment ev;
CamelStreamMem *cstream;
BonoboStream *bstream;
+ MailMimeHandler *handler;
+
+ handler = mail_lookup_handler (eb->type);
+ if (!handler || handler->builtin)
+ return FALSE;
component = gnome_vfs_mime_get_default_component (eb->type);
if (!component)