From 4b32de61d00bf5ae12d4179bede135fd2ded0f9c Mon Sep 17 00:00:00 2001 From: Jeffrey Stedfast Date: Wed, 12 Mar 2003 21:39:09 +0000 Subject: Security vulnerability fixes. 2003-03-12 Jeffrey Stedfast Security vulnerability fixes. * mail-display.c (do_external_viewer): Make sure that we don't launch a bonobo control to view a mime-type that we handle internally, otherwise maliciously formed HTML mail using tags could potentially launch a bonobo control to view the mime part bypassing any checks that Evolution might do on the data normally. svn path=/trunk/; revision=20269 --- mail/mail-display.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'mail/mail-display.c') diff --git a/mail/mail-display.c b/mail/mail-display.c index 83387bde92..955de714ea 100644 --- a/mail/mail-display.c +++ b/mail/mail-display.c @@ -1081,6 +1081,11 @@ do_external_viewer (GtkHTML *html, GtkHTMLEmbedded *eb, CORBA_Environment ev; CamelStreamMem *cstream; BonoboStream *bstream; + MailMimeHandler *handler; + + handler = mail_lookup_handler (eb->type); + if (!handler || handler->builtin) + return FALSE; component = gnome_vfs_mime_get_default_component (eb->type); if (!component) -- cgit
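Review bot: the new guard at the top of do_external_viewer, `if (!handler || handler->builtin) return FALSE;`, has no comment, and its `!handler` branch does more than the commit message says: it also refuses any type for which mail_lookup_handler returns NULL, not only types handled internally. Failing closed there looks right for this fix, but please add a short comment above the check stating that eb->type comes from the HTML embed and must not be allowed to select a bonobo control for a type with a built-in handler or with no handler at all. Since the lookup and the later gnome_vfs_mime_get_default_component call are both keyed on the same eb->type string, it is also worth confirming that a variant spelling of a built-in type (different case, trailing parameters) cannot resolve to a non-builtin handler, because that is the only path left past this check.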