[gmime/gmime-2-4] fixed a buffer overrun in charset conversion code
- From: Jeffrey Stedfast <fejj src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [gmime/gmime-2-4] fixed a buffer overrun in charset conversion code
- Date: Wed, 12 Aug 2009 15:17:04 +0000 (UTC)
commit 5102ff0f98f4f71bb9026f855552d51c1cafe1be
Author: Jeffrey Stedfast <fejj gnome org>
Date: Wed Aug 12 11:15:33 2009 -0400
fixed a buffer overrun in charset conversion code
2009-08-12 Jeffrey Stedfast <fejj novell com>
* gmime/gmime-utils.c (charset_convert): If iconv() fails, treat
conditions where outleft == 0 the same as if we had gotten an
E2BIG error (e.g. we need to grow the output buffer) so that we
don't overrun it while appending a '?' placeholder character.
ChangeLog | 9 ++++++++-
gmime/gmime-filter-charset.c | 16 +++++++++-------
gmime/gmime-utils.c | 9 ++++++---
3 files changed, 23 insertions(+), 11 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 8469e14..2e422dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-08-12 Jeffrey Stedfast <fejj novell com>
+
+ * gmime/gmime-utils.c (charset_convert): If iconv() fails, treat
+ conditions where outleft == 0 the same as if we had gotten an
+ E2BIG error (e.g. we need to grow the output buffer) so that we
+ don't overrun it while appending a '?' placeholder character.
+
2009-07-02 Stanislav Brabec <sbrabec suse cz>
* configure.in: Simplified configuring of gmime in a
@@ -110,7 +117,7 @@
simple arithmetic to update our stream->position on Windows since it
may do line-ending translation behind our backs. Call ftell() to get
our real position after reading or writing.
-
+
* gmime/gmime-stream-fs.c (stream_read, stream_write): Same idea.
* gmime/gmime-utils.c (mktime_utc): Fixed the Windows code-path.
diff --git a/gmime/gmime-filter-charset.c b/gmime/gmime-filter-charset.c
index 61f2def..d5c27e7 100644
--- a/gmime/gmime-filter-charset.c
+++ b/gmime/gmime-filter-charset.c
@@ -157,7 +157,8 @@ filter_filter (GMimeFilter *filter, char *in, size_t len, size_t prespace,
* EILSEQ An invalid multibyte sequence has been encountered
* in the input.
*
- * What we do here is eat the invalid bytes in the sequence and continue
+ * What we do here is eat the invalid bytes in the sequence
+ * and continue.
*/
inbuf++;
@@ -167,9 +168,9 @@ filter_filter (GMimeFilter *filter, char *in, size_t len, size_t prespace,
goto noop;
}
}
- } while (((int) inleft) > 0);
+ } while (inleft > 0);
- if (((int) inleft) > 0) {
+ if (inleft > 0) {
/* We've either got an E2BIG or EINVAL. Save the
remainder of the buffer as we'll process this next
time through */
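Review bot: With the `(int)` cast removed, `while (inleft > 0)` and `if (inleft > 0)` become plain unsigned tests (assuming inleft is a size_t; its declaration is outside the hunk), so a decrement of inleft at zero would wrap to a huge count and keep the loop running over memory past the input, where the old cast happened to stop it. The EILSEQ branch that does `inbuf++` presumably decrements inleft on a line not shown here. iconv() should only report EILSEQ with input remaining, but nothing visible states that invariant. I would either document it on the decrement with `/* iconv() reported EILSEQ, so inleft >= 1 here */` or guard it with `if (inleft == 0) break;`. The same applies to the matching loop in filter_complete (the hunk at -245,10).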
@@ -230,7 +231,8 @@ filter_complete (GMimeFilter *filter, char *in, size_t len, size_t prespace,
* EILSEQ An invalid multibyte sequence has been encountered
* in the input.
*
- * What we do here is eat the invalid bytes in the sequence and continue
+ * What we do here is eat the invalid bytes in the sequence
+ * and continue.
*/
inbuf++;
@@ -245,10 +247,10 @@ filter_complete (GMimeFilter *filter, char *in, size_t len, size_t prespace,
*/
break;
- } else
+ } else {
goto noop;
-
- } while (((int) inleft) > 0);
+ }
+ } while (inleft > 0);
}
/* flush the iconv conversion */
diff --git a/gmime/gmime-utils.c b/gmime/gmime-utils.c
index 6505e61..60f0c75 100644
--- a/gmime/gmime-utils.c
+++ b/gmime/gmime-utils.c
@@ -1509,15 +1509,18 @@ charset_convert (iconv_t cd, const char *inbuf, size_t inleft, char **outp, size
errno = E2BIG;
#endif
- if (errno == E2BIG) {
+ if (errno == E2BIG || outleft == 0) {
/* need to grow the output buffer */
outlen += (inleft * 2) + 16;
rc = (size_t) (outbuf - out);
out = g_realloc (out, outlen + 1);
outleft = outlen - rc;
outbuf = out + rc;
- } else {
- /* invalid byte(-sequence) in the input buffer */
+ }
+
+ if (errno == EINVAL || errno == EILSEQ) {
+ /* invalid or incomplete multibyte
+ * sequence in the input buffer */
*outbuf++ = '?';
outleft--;
inleft--;
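Review bot: The new second test, `if (errno == EINVAL || errno == EILSEQ)`, reads errno after the grow branch has called g_realloc(), whereas the old if/else consulted errno only once, before any other library call. A successful allocation is not guaranteed to leave errno untouched, so after a grow triggered by `outleft == 0` the placeholder branch depends on whatever the allocator left behind. I would capture the value once, right after the failed iconv() call (which is outside this hunk), with `int err = errno;` and test it in both places: `if (err == E2BIG || outleft == 0)` and `if (err == EINVAL || err == EILSEQ)`. The `errno = E2BIG;` override at the top of the hunk would then need to assign `err` instead.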