[evolution-data-server] Bug 791282 - Sanitize RFC2047 encoded strings to avoid exploits



commit 38ced2755d3699b265ae627f58330433a2250c36
Author: Milan Crha <mcrha redhat com>
Date:   Fri Jan 5 10:25:37 2018 +0100

    Bug 791282 - Sanitize RFC2047 encoded strings to avoid exploits

 src/camel/camel-mime-utils.c |   35 +++++++++++++++++++++++++++++++++++
 1 files changed, 35 insertions(+), 0 deletions(-)
---
diff --git a/src/camel/camel-mime-utils.c b/src/camel/camel-mime-utils.c
index 808f662..d48ca39 100644
--- a/src/camel/camel-mime-utils.c
+++ b/src/camel/camel-mime-utils.c
@@ -1128,6 +1128,35 @@ make_string_utf8_valid (gchar *text,
        }
 }
 
+static void
+sanitize_decoded_text (guchar *text,
+                      gssize *inout_textlen)
+{
+       gssize ii, jj, textlen;
+
+       g_return_if_fail (text != NULL);
+       g_return_if_fail (inout_textlen != NULL);
+
+       textlen = *inout_textlen;
+
+       for (ii = 0, jj = 0; ii < textlen; ii++) {
+               /* Skip '\0' and '\r' characters */
+               if (text[ii] == 0 || text[ii] == '\r')
+                       continue;
+
+               /* Change '\n' into space */
+               if (text[ii] == '\n')
+                       text[ii] = ' ';
+
+               if (ii != jj)
+                       text[jj] = text[ii];
+
+               jj++;
+       }
+
+       *inout_textlen = jj;
+}
+
 /* decode an rfc2047 encoded-word token */
 static gchar *
 rfc2047_decode_word (const gchar *in,
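Review bot: sanitize_decoded_text has no header comment, and its contract is not obvious from the loop: it compacts the buffer in place, shortens `*inout_textlen`, and writes no terminator, so bytes past the new length are stale. A comment such as `/* Drops NUL and CR and turns LF into a space, in place; updates *inout_textlen; does not NUL-terminate. */` would make that explicit. The comment should also say why these three bytes are filtered. Presumably a decoded encoded-word can carry line breaks or an embedded NUL that a raw header line cannot, but the patch does not state this. Other control bytes below 0x20 still pass through unchanged; if that is deliberate it deserves a sentence too.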
@@ -1176,6 +1205,8 @@ rfc2047_decode_word (const gchar *in,
                return NULL;
        }
 
+       sanitize_decoded_text (decoded, &declen);
+
        /* never return empty string, return rather NULL */
        if (!declen)
                return NULL;
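Review bot: The filter runs on `decoded` directly after transfer-decoding, and the charset handling of rfc2047_decode_word lies outside this hunk. If those bytes are still in the charset declared by the encoded-word at this point, a byte-wise pass can damage multi-byte encodings that legitimately contain 0x00, 0x0A or 0x0D bytes. It also cannot see a NUL, CR or LF that only appears after conversion to UTF-8. Consider applying the same pass to the converted result as well, or document the assumption at the call, for example `/* Byte-wise filter: assumes an ASCII-compatible charset; converted text is not re-checked */`.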
@@ -2892,6 +2923,10 @@ header_decode_mailbox (const gchar **in,
                }
 
                address = camel_header_address_new_name (name ? name->str : "", addr->str);
+       } else if (name) {
+               /* A name-only address, might be something wrong, but include it anyway */
+               make_string_utf8_valid (name->str, name->len);
+               address = camel_header_address_new_name (name->str, "");
        }
 
        d (printf ("got mailbox: %s\n", addr->str));
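Review bot: The new branch tests only `name`, so a non-NULL but empty name would yield an address whose name and address are both empty strings; `} else if (name && name->len > 0) {` avoids that. Whether `name` can be empty here depends on code above the hunk. Callers that assumed every returned mailbox carries an address now receive `""`, which the comment could state, for example `/* Name-only mailbox: address is "", callers must not treat it as deliverable */`. The `d (printf ...)` line after the branch still reads `addr->str`, and the condition that guards `addr` is not visible in this hunk.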

