[evolution-data-server/gnome-2-28] Bug 568822 (bnc) - crash caused overly large window due to malicious POP3 server
- From: Chenthill Palanisamy <pchen src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [evolution-data-server/gnome-2-28] Bug 568822 (bnc) - crash caused overly large window due to malicious POP3 server
- Date: Mon, 18 Jan 2010 07:00:43 +0000 (UTC)
commit 83f8a6547b8a4bf800639cd9617da4f2e06fe8f7
Author: Chenthill Palanisamy <pchenthill novell com>
Date: Mon Jan 18 12:29:26 2010 +0530
Bug 568822 (bnc) - crash caused overly large window due to malicious POP3 server
camel/providers/pop3/camel-pop3-store.c | 56 +++++++++++++++++++++++++------
1 files changed, 45 insertions(+), 11 deletions(-)
---
diff --git a/camel/providers/pop3/camel-pop3-store.c b/camel/providers/pop3/camel-pop3-store.c
index 89be794..3d9b684 100644
--- a/camel/providers/pop3/camel-pop3-store.c
+++ b/camel/providers/pop3/camel-pop3-store.c
@@ -60,6 +60,9 @@
#define POP3_PORT "110"
#define POP3S_PORT "995"
+/* defines the length of the server error message we can display in the error dialog */
+#define POP3_ERROR_SIZE_LIMIT 60
+
static CamelStoreClass *parent_class = NULL;
static void finalize (CamelObject *object);
@@ -147,6 +150,25 @@ enum {
#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
#endif
+/* returns error message with ': ' as prefix */
+static gchar *
+get_valid_utf8_error (const gchar *text)
+{
+ gchar *tmp = camel_utf8_make_valid (text);
+ gchar *ret = NULL;
+
+ /*TODO If the error message > size limit log it somewhere */
+ if (!tmp || g_utf8_strlen (tmp, -1) > POP3_ERROR_SIZE_LIMIT) {
+ g_free (tmp);
+ return NULL;
+ }
+
+ ret = g_strconcat (": ", tmp, NULL);
+
+ g_free (tmp);
+ return ret;
+}
+
static gboolean
connect_to_server (CamelService *service, struct addrinfo *ai, gint ssl_mode, CamelException *ex)
{
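Review bot: `get_valid_utf8_error` hands `text` to `camel_utf8_make_valid` with no NULL check, yet the lines this commit removes from pop3_try_authenticate tested `store->engine->line` for NULL before printing it, so a NULL line can now reach the helper from any of its call sites (connect_to_server, try_sasl, both branches of pop3_try_authenticate). Whether `camel_utf8_make_valid` tolerates NULL is not visible in this diff; an explicit `if (!text) return NULL;` as the first statement makes the helper safe either way. The header comment should also state the ownership and failure contract, for example `/* returns a newly allocated ": <text>" string to be freed with g_free(), or NULL if text is missing or longer than POP3_ERROR_SIZE_LIMIT characters */`. Until the TODO is resolved, an over-limit reply is discarded without trace, which loses the evidence an administrator would want when a server misbehaves; a `g_warning` that records the reply length would close that gap.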
@@ -234,9 +256,13 @@ connect_to_server (CamelService *service, struct addrinfo *ai, gint ssl_mode, Ca
camel_pop3_engine_command_free (store->engine, pc);
if (ret == FALSE) {
+ gchar *tmp = get_valid_utf8_error ((gchar *) store->engine->line);
+
camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
- _("Failed to connect to POP server %s in secure mode: %s"),
- service->url->host, store->engine->line);
+ _("Failed to connect to POP server %s in secure mode%s"),
+ service->url->host, tmp ? tmp:"");
+
+ g_free (tmp);
goto stls_exception;
}
@@ -414,9 +440,13 @@ try_sasl(CamelPOP3Store *store, const gchar *mech, CamelException *ex)
if (strncmp((gchar *) line, "+OK", 3) == 0)
break;
if (strncmp((gchar *) line, "-ERR", 4) == 0) {
+ gchar *tmp = get_valid_utf8_error ((gchar *) store->engine->line);
+
camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
- _("SASL '%s' Login failed for POP server %s: %s"),
- mech, CAMEL_SERVICE (store)->url->host, line);
+ _("SASL '%s' Login failed for POP server %s%s"),
+ mech, CAMEL_SERVICE (store)->url->host, tmp ? tmp : "");
+
+ g_free (tmp);
goto done;
}
/* If we dont get continuation, or the sasl object's run out of work, or we dont get a challenge,
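Review bot: The `-ERR` test in this branch inspects the local `line`, and the removed message printed that same `line`, but the new call reads `store->engine->line` instead. The statement that fills `line` is outside the hunk; if it reads from the stream directly rather than through the engine, the dialog will show a stale or NULL engine line instead of the reply that was just rejected. Passing the buffer that was actually tested keeps the check and the message consistent: `gchar *tmp = get_valid_utf8_error ((gchar *) line);`.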
@@ -552,17 +582,23 @@ pop3_try_authenticate (CamelService *service, gboolean reprompt, const gchar *er
errno ? g_strerror (errno) : _("Unknown error"));
}
} else if (pcu && pcu->state != CAMEL_POP3_COMMAND_OK) {
+ gchar *tmp = get_valid_utf8_error ((gchar *) store->engine->line);
+
camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
_("Unable to connect to POP server %s.\n"
- "Error sending username: %s"),
+ "Error sending username%s"),
CAMEL_SERVICE (store)->url->host,
- store->engine->line ? (gchar *)store->engine->line : _("Unknown error"));
+ tmp ? tmp : "");
+ g_free (tmp);
} else if (pcp->state != CAMEL_POP3_COMMAND_OK) {
+ gchar *tmp = get_valid_utf8_error ((gchar *) store->engine->line);
+
camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
_("Unable to connect to POP server %s.\n"
- "Error sending password: %s"),
+ "Error sending password%s"),
CAMEL_SERVICE (store)->url->host,
- store->engine->line ? (gchar *)store->engine->line : _("Unknown error"));
+ tmp ? tmp :"");
+ g_free (tmp);
}
camel_pop3_engine_command_free (store->engine, pcp);
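Review bot: Both branches lose the `_("Unknown error")` fallback that the removed lines supplied, so when `tmp` is NULL the message ends at "Error sending username" or "Error sending password" with no reason given. The user then cannot tell a missing server reply from one that was suppressed for exceeding POP3_ERROR_SIZE_LIMIT. Keeping a fallback suffix, for example `tmp ? tmp : _(": Unknown error")`, would preserve the earlier behaviour for the no-reply case. The body of pop3_try_authenticate starts and ends outside this hunk.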
@@ -609,9 +645,7 @@ pop3_connect (CamelService *service, CamelException *ex)
/* we only re-prompt if we failed to authenticate, any other error and we just abort */
if (status == 0 && camel_exception_get_id (ex) == CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE) {
- gchar *tmp = camel_utf8_make_valid (camel_exception_get_description (ex));
- errbuf = g_markup_printf_escaped ("%s\n\n", tmp);
- g_free (tmp);
+ errbuf = g_markup_printf_escaped ("%s\n\n", camel_exception_get_description (ex));
camel_exception_clear (ex);
camel_session_forget_password (session, service, NULL, "password", ex);
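Review bot: Removing `camel_utf8_make_valid` at this sink is only safe if every path that sets CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE builds its description from validated text. The hunks in this commit convert four sites, but the descriptions also embed `mech` and the host name, and other setters of that exception id may exist outside the visible hunks. Validating once more here is cheap and does not depend on every producer being correct, so I would keep `gchar *tmp = camel_utf8_make_valid (camel_exception_get_description (ex));` and pass `tmp` to `g_markup_printf_escaped` as before.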