From 9066b42dddc33e74a7aacb4e44125f148785280d Mon Sep 17 00:00:00 2001 From: Not Zed Date: Fri, 24 Jun 2005 17:38:12 +0000 Subject: ** See bug #307398 2005-06-25 Not Zed ** See bug #307398 * mail-session.c (alert_user): copy the prompt string, in 'no cancel' mode we run asynchronously. (free_user_message): & free it. 2005-06-24 Not Zed * em-format-html.c (efh_url_requested): dont pass data gtkhtml definitely can't handle, to gtkhtml. This is no security patch, but stops gtkhtml wasting time tying to render malicious mails or other rubbish. svn path=/trunk/; revision=29582 --- mail/ChangeLog | 15 +++++++++++++++ mail/em-format-html.c | 23 +++++++++++++++++++---- mail/mail-session.c | 14 +++++++++++--- 3 files changed, 45 insertions(+), 7 deletions(-) (limited to 'mail') diff --git a/mail/ChangeLog b/mail/ChangeLog index 16407fb6bc..c5cbc39e5e 100644 --- a/mail/ChangeLog +++ b/mail/ChangeLog @@ -1,3 +1,18 @@ +2005-06-25 Not Zed + + ** See bug #307398 + + * mail-session.c (alert_user): copy the prompt string, in 'no + cancel' mode we run asynchronously. + (free_user_message): & free it. + +2005-06-24 Not Zed + + * em-format-html.c (efh_url_requested): dont pass data gtkhtml + definitely can't handle, to gtkhtml. This is no security patch, + but stops gtkhtml wasting time tying to render malicious mails or + other rubbish. + 2005-06-21 Brian Mury ** See bug #301466. diff --git a/mail/em-format-html.c b/mail/em-format-html.c index d00387ba80..ad26fbacad 100644 --- a/mail/em-format-html.c +++ b/mail/em-format-html.c @@ -527,10 +527,25 @@ efh_url_requested(GtkHTML *html, const char *url, GtkHTMLStream *handle, EMForma puri = em_format_find_visible_puri((EMFormat *)efh, url); if (puri) { - puri->use_count++; - - d(printf(" adding puri job\n")); - job = em_format_html_job_new(efh, emfh_getpuri, puri); + CamelContentType *ct = ((CamelDataWrapper *)puri->part)->mime_type; + + /* GtkHTML only handles text and images. + application/octet-stream parts are the only ones + which are snooped for other content. So only try + to pass these to it - any other types are badly + formed or intentionally malicious emails. They + will still show as attachments anyway */ + + if (ct && (camel_content_type_is(ct, "text", "*") + || camel_content_type_is(ct, "image", "*") + || camel_content_type_is(ct, "application", "octet-stream"))) { + puri->use_count++; + + d(printf(" adding puri job\n")); + job = em_format_html_job_new(efh, emfh_getpuri, puri); + } else { + gtk_html_stream_close(handle, GTK_HTML_STREAM_ERROR); + } } else if (g_ascii_strncasecmp(url, "http:", 5) == 0 || g_ascii_strncasecmp(url, "https:", 6) == 0) { d(printf(" adding job, get %s\n", url)); job = em_format_html_job_new(efh, emfh_gethttp, g_strdup(url)); diff --git a/mail/mail-session.c b/mail/mail-session.c index ae971c5817..86961c019f 100644 --- a/mail/mail-session.c +++ b/mail/mail-session.c @@ -259,7 +259,7 @@ struct _user_message_msg { struct _mail_msg msg; CamelSessionAlertType type; - const char *prompt; + char *prompt; unsigned int allow_cancel:1; unsigned int result:1; @@ -346,7 +346,15 @@ do_user_message (struct _mail_msg *mm) } } -static struct _mail_msg_op user_message_op = { NULL, do_user_message, NULL, NULL }; +static void +free_user_message(struct _mail_msg *mm) +{ + struct _user_message_msg *m = (struct _user_message_msg *)mm; + + g_free(m->prompt); +} + +static struct _mail_msg_op user_message_op = { NULL, do_user_message, NULL, free_user_message }; static gboolean alert_user(CamelSession *session, CamelSessionAlertType type, const char *prompt, gboolean cancel) @@ -364,7 +372,7 @@ alert_user(CamelSession *session, CamelSessionAlertType type, const char *prompt m = mail_msg_new (&user_message_op, user_message_reply, sizeof (*m)); m->ismain = pthread_self() == mail_gui_thread; m->type = type; - m->prompt = prompt; + m->prompt = g_strdup(prompt); m->allow_cancel = cancel; if (m->ismain) -- cgit