[balsa] address-book-rubrica: Do not crash on bad card

[Peter Bloomfield <peterb src gnome org>]

commit 8624ab4262a54d0d563088d2a61d7ca572c81399
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date:   Sat Jun 22 22:07:56 2019 -0400

    address-book-rubrica: Do not crash on bad card
    
    Do not crash if a card has multiple "Net" elements
    
    * libbalsa/address-book-rubrica.c (extract_cards): Call
      libbalsa_address_set_addr_list() only once, even when a card has
      multiple "Net" elements.
    
    The parser seems to expect only a single "Net" element, possibly
    containing more than one "Uri" element. If there are more than one, it
    calls libbalsa_address_set_addr_list() more than once with the same
    list, which leads to a use-after-free. This patch simply collects all
    e-mail addresses from all "Net" elements and calls
    libbalsa_address_set_addr_list() once.

 ChangeLog                       | 10 ++++++++++
 libbalsa/address-book-rubrica.c |  7 ++++---
 2 files changed, 14 insertions(+), 3 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index c4ccbb4ad..75fba8e9e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2019-06-22  Peter Bloomfield  <pbloomfield bellsouth net>
+
+       address-book-rubrica: Do not crash on bad card
+
+       Do not crash if a card has multiple "Net" sections
+
+       * libbalsa/address-book-rubrica.c (extract_cards): Call
+       libbalsa_address_set_addr_list() only once, even when a card has
+       multiple "Net" sections.
+
 2019-06-22  Peter Bloomfield  <pbloomfield bellsouth net>
 
        * libbalsa/address-book-rubrica.c
diff --git a/libbalsa/address-book-rubrica.c b/libbalsa/address-book-rubrica.c
index 79e0bb121..2385328d4 100644
--- a/libbalsa/address-book-rubrica.c
+++ b/libbalsa/address-book-rubrica.c
@@ -594,16 +594,17 @@ extract_cards(xmlNodePtr card)
                     g_free(organization);
                 } else if (!xmlStrcmp(children->name, CXMLCHARP("Net"))) {
                    extract_net(children->children, &address_list);
-                    libbalsa_address_set_addr_list(address, address_list);
                 }
 
                children = children->next;
            }
 
-           if (address_list != NULL)
+           if (address_list != NULL) {
+                libbalsa_address_set_addr_list(address, address_list);
                addrlist = g_slist_prepend(addrlist, address);
-           else
+            } else {
                g_object_unref(address);
+            }
        }
 
        card = card->next;