evolution r35594 - in trunk/calendar: . gui



Author: mbarnes
Date: Wed Jun  4 10:46:38 2008
New Revision: 35594
URL: http://svn.gnome.org/viewvc/evolution?rev=35594&view=rev

Log:
2008-06-04  Matthew Barnes  <mbarnes redhat com>

	** Fixes security vulnerabilities
	   CVE-2008-1108 and CVE-2008-1109

	* calendar/gui/itip-utils.c (html_new_lines_for):
	Do not use a fixed-size buffer for parsing external data.
	Simplify the logic to just split and rejoin the string with a
	different line separator.

	* calendar/gui/e-itip-control.c (write_label_piece),
	(write_recurrence_piece), (set_date_label):
	Use a GString rather than a fixed-size buffer to build the HTML
	string to avoid the possibility of an overflow.



Modified:
   trunk/calendar/ChangeLog
   trunk/calendar/gui/e-itip-control.c
   trunk/calendar/gui/itip-utils.c

Modified: trunk/calendar/gui/e-itip-control.c
==============================================================================
--- trunk/calendar/gui/e-itip-control.c	(original)
+++ trunk/calendar/gui/e-itip-control.c	Wed Jun  4 10:46:38 2008
@@ -660,7 +660,7 @@
 
 static void
 write_label_piece (EItipControl *itip, ECalComponentDateTime *dt,
-		   char *buffer, int size,
+                   GString *buffer,
 		   const char *stext, const char *etext,
 		   gboolean just_date)
 {
@@ -685,13 +685,13 @@
 		tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0;
 
 	if (stext != NULL)
-		strcat (buffer, stext);
+		g_string_append (buffer, stext);
 
 	e_time_format_date_and_time (&tmp_tm,
 				     calendar_config_get_24_hour_format (),
 				     FALSE, FALSE,
 				     time_buf, sizeof (time_buf));
-	strcat (buffer, time_buf);
+	g_string_append (buffer, time_buf);
 
 	if (!dt->value->is_utc && dt->tzid) {
 		zone = icalcomponent_get_timezone (priv->top_level, dt->tzid);
@@ -703,21 +703,21 @@
 		   UTF-8. But it probably is not translated. */
 		display_name = icaltimezone_get_display_name (zone);
 		if (display_name && *display_name) {
-			strcat (buffer, " <font size=-1>[");
+			g_string_append_len (buffer, " <font size=-1>[", 16);
 
 			/* We check if it is one of our builtin timezone names,
 			   in which case we call gettext to translate it. */
 			if (icaltimezone_get_builtin_timezone (display_name)) {
-				strcat (buffer, _(display_name));
+				g_string_append_printf (buffer, "%s", _(display_name));
 			} else {
-				strcat (buffer, display_name);
+				g_string_append_printf (buffer, "%s", display_name);
 			}
-			strcat (buffer, "]</font>");
+			g_string_append_len (buffer, "]</font>", 8);
 		}
 	}
 
 	if (etext != NULL)
-		strcat (buffer, etext);
+		g_string_append (buffer, etext);
 }
 
 static const char *
@@ -754,19 +754,17 @@
 
 static void
 write_recurrence_piece (EItipControl *itip, ECalComponent *comp,
-			char *buffer, int size)
+                        GString *buffer)
 {
 	GSList *rrules;
 	struct icalrecurrencetype *r;
-	int len, i;
+	int i;
 
-	strcpy (buffer, "<b>Recurring:</b> ");
-	len = strlen (buffer);
-	buffer += len;
-	size -= len;
+	g_string_append_len (buffer, "<b>Recurring:</b> ", 18);
 
 	if (!e_cal_component_has_simple_recurrence (comp)) {
-		strcpy (buffer, _("Yes. (Complex Recurrence)"));
+		g_string_append_printf (
+			buffer, "%s", _("Yes. (Complex Recurrence)"));
 		return;
 	}
 
@@ -782,7 +780,10 @@
                  Every %d day/days" */
 		/* For Translators : 'Every day' is event Recurring every day */
 		/* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */
-		sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval);
+		g_string_append_printf (
+			buffer, ngettext ("Every day",
+			"Every %d days", r->interval),
+			r->interval);
 		break;
 
 	case ICAL_WEEKLY_RECURRENCE:
@@ -792,29 +793,36 @@
                          Every %d week/weeks" */
 			/* For Translators : 'Every week' is event Recurring every week */
 			/* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */
-			sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval);
+			g_string_append_printf (
+				buffer, ngettext ("Every week",
+				"Every %d weeks", r->interval),
+				r->interval);
 		} else {
 			/* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */
 			/* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */
-			sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval);
+			g_string_append_printf (
+				buffer, ngettext ("Every week on ",
+				"Every %d weeks on ", r->interval),
+				r->interval);
 
 			for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) {
 				if (i > 1)
-					strcat (buffer, ", ");
-				strcat (buffer, get_dayname (r, i - 1));
+					g_string_append_len (buffer, ", ", 2);
+				g_string_append (buffer, get_dayname (r, i - 1));
 			}
 			if (i > 1)
 				/* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */
-				strcat (buffer, _(" and "));
-			strcat (buffer, get_dayname (r, i - 1));
+				g_string_append_printf (buffer, "%s", _(" and "));
+			g_string_append (buffer, get_dayname (r, i - 1));
 		}
 		break;
 
 	case ICAL_MONTHLY_RECURRENCE:
 		if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) {
 			/* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */
-			sprintf (buffer, _("The %s day of "),
-				 nth (r->by_month_day[0]));
+			g_string_append_printf (
+				buffer, _("The %s day of "),
+				nth (r->by_month_day[0]));
 		} else {
 			int pos;
 
@@ -828,20 +836,21 @@
 
 			/* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.'
 			   eg,third monday of every month */
-			sprintf (buffer, _("The %s %s of "),
-				 nth (pos), get_dayname (r, 0));
+			g_string_append_printf (
+				buffer, _("The %s %s of "),
+				nth (pos), get_dayname (r, 0));
 		}
 
-		len = strlen (buffer);
-		buffer += len;
-		size -= len;
               /* For Translators: In this can also be translated as "With the period of %d
                  month/months", where %d is a number. The entire sentence is of the form "Recurring:
                  Every %d month/months" */
 		/* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */
 		/* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.'
 		 %d is a digit */
-		sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval);
+		g_string_append_printf (
+			buffer, ngettext ("every month",
+			"every %d months", r->interval),
+			r->interval);
 		break;
 
 	case ICAL_YEARLY_RECURRENCE:
@@ -850,20 +859,22 @@
                  Every %d year/years" */
 		/* For Translators : 'Every year' is event Recurring every year */
 		/* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */
-		sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval);
+		g_string_append_printf (
+			buffer, ngettext ("Every year",
+			"Every %d years", r->interval),
+			r->interval);
 		break;
 
 	default:
 		g_return_if_reached ();
 	}
 
-	len = strlen (buffer);
-	buffer += len;
-	size -= len;
 	if (r->count) {
 	      /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/
 	      /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/
-		sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count);
+		g_string_append_printf (
+			buffer, ngettext ("a total of %d time",
+			" a total of %d times", r->count), r->count);
 	} else if (!icaltime_is_null_time (r->until)) {
 		ECalComponentDateTime dt;
 
@@ -871,12 +882,12 @@
 		dt.value = &r->until;
 		dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone);
 
-		write_label_piece (itip, &dt, buffer, size,
+		write_label_piece (itip, &dt, buffer, 
 				   /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/
 				   _(", ending on "), NULL, TRUE);
 	}
 
-	strcat (buffer, "<br>");
+	g_string_append_len (buffer, "<br>", 4);
 }
 
 static void
@@ -884,47 +895,51 @@
 		ECalComponent *comp)
 {
 	ECalComponentDateTime datetime;
-	static char buffer[1024];
+	GString *buffer;
 	gchar *str;
 	gboolean wrote = FALSE, task_completed = FALSE;
 	ECalComponentVType type;
 
+	buffer = g_string_sized_new (1024);
 	type = e_cal_component_get_vtype (comp);
 
-	buffer[0] = '\0';
 	e_cal_component_get_dtstart (comp, &datetime);
 	if (datetime.value) {
 		/* For Translators : 'starts' is starts:date implying a task starts on what date */
 		str = g_strdup_printf ("<b>%s:</b>", _("Starts"));
-		write_label_piece (itip, &datetime, buffer, 1024,
-				  str,
-				   "<br>", FALSE);
-		gtk_html_write (html, html_stream, buffer, strlen(buffer));
+		write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+		gtk_html_write (html, html_stream, buffer->str, buffer->len);
 		wrote = TRUE;
 		g_free (str);
 	}
 	e_cal_component_free_datetime (&datetime);
 
-	buffer[0] = '\0';
+	/* Reset the buffer. */
+	g_string_truncate (buffer, 0);
+
 	e_cal_component_get_dtend (comp, &datetime);
 	if (datetime.value){
 		/* For Translators : 'ends' is ends:date implying a task ends on what date */
 		str = g_strdup_printf ("<b>%s:</b>", _("Ends"));
-		write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
-		gtk_html_write (html, html_stream, buffer, strlen (buffer));
+		write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+		gtk_html_write (html, html_stream, buffer->str, buffer->len);
 		wrote = TRUE;
 		g_free (str);
 	}
 	e_cal_component_free_datetime (&datetime);
 
-	buffer[0] = '\0';
+	/* Reset the buffer. */
+	g_string_truncate (buffer, 0);
+
 	if (e_cal_component_has_recurrences (comp)) {
-		write_recurrence_piece (itip, comp, buffer, 1024);
-		gtk_html_write (html, html_stream, buffer, strlen (buffer));
+		write_recurrence_piece (itip, comp, buffer);
+		gtk_html_write (html, html_stream, buffer->str, buffer->len);
 		wrote = TRUE;
 	}
 
-	buffer[0] = '\0';
+	/* Reset the buffer. */
+	g_string_truncate (buffer, 0);
+
 	datetime.tzid = NULL;
 	e_cal_component_get_completed (comp, &datetime.value);
 	if (type == E_CAL_COMPONENT_TODO && datetime.value) {
@@ -932,20 +947,22 @@
 		   timezone. */
 		str = g_strdup_printf ("<b>%s:</b>", _("Completed"));
 		datetime.value->is_utc = TRUE;
-		write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
-		gtk_html_write (html, html_stream, buffer, strlen (buffer));
+		write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+		gtk_html_write (html, html_stream, buffer->str, buffer->len);
 		wrote = TRUE;
 		task_completed = TRUE;
 		g_free (str);
 	}
 	e_cal_component_free_datetime (&datetime);
 
-	buffer[0] = '\0';
+	/* Reset the buffer. */
+	g_string_truncate (buffer, 0);
+
 	e_cal_component_get_due (comp, &datetime);
 	if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) {
 		str = g_strdup_printf ("<b>%s:</b>", _("Due"));
-		write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
-		gtk_html_write (html, html_stream, buffer, strlen (buffer));
+		write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+		gtk_html_write (html, html_stream, buffer->str, buffer->len);
 		wrote = TRUE;
 		g_free (str);
 	}
@@ -954,6 +971,8 @@
 
 	if (wrote)
 		gtk_html_stream_printf (html_stream, "<br>");
+
+	g_string_free (buffer, TRUE);
 }
 
 static void

Modified: trunk/calendar/gui/itip-utils.c
==============================================================================
--- trunk/calendar/gui/itip-utils.c	(original)
+++ trunk/calendar/gui/itip-utils.c	Wed Jun  4 10:46:38 2008
@@ -172,50 +172,16 @@
 }
 
 static char *
-html_new_lines_for (char *string)
+html_new_lines_for (const char *string)
 {
-	char *html_string = (char *) malloc (sizeof (char)* (3500));
-	int length = strlen (string);
-	int index = 0;
-	char *index_ptr = string;
-	char *temp = string;
+	gchar **lines;
+	gchar *joined;
 
-	/*Find the first occurence*/
-	index_ptr = strstr ((const char *)temp, "\n");
+	lines = g_strsplit_set (string, "\n", -1);
+	joined = g_strjoinv ("<br>", lines);
+	g_strfreev (lines);
 
-	/*Doesn't occur*/
-	if (index_ptr == NULL) {
-		strcpy (html_string, (const char *)string);
-		html_string[length] = '\0';
-		return html_string;
-	}
-
-	/*Split into chunks inserting <br> for \n */
-	do{
-		while (temp != index_ptr){
-			html_string[index++] = *temp;
-			temp++;
-		}
-		temp++;
-
-		html_string[index++] = '<';
-		html_string[index++] = 'b';
-		html_string[index++] = 'r';
-		html_string[index++] = '>';
-
-		index_ptr = strstr ((const char *)temp, "\n");
-
-	} while (index_ptr);
-
-	/*Don't leave out the last chunk*/
-	while (*temp != '\0'){
-		html_string[index++] = *temp;
-		temp++;
-	}
-
-	html_string[index] = '\0';
-
-	return html_string;
+	return joined;
 }
 
 char *



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]