Re: [evolution-patches] 72609, crash viewing mail, security/dos fix




Here's a better camel patch, the mail patch has been applied.

This is only for robustness, the other patch should fix the actual bug.



On Thu, 2005-02-24 at 14:39 +0800, Not Zed wrote:

This should be applied to 2.0.x as well as 2.1, as it fixes a DoS when viewing such a message.

? camel/a.out
? camel/camel-mime-tables.c
? camel/testurl.c
? camel/tests/folder/test10
? camel/tests/folder/test11
? camel/tests/message/test4
? camel/tests/mime-filter/test-tohtml
? camel/tests/misc/test2
? camel/tests/misc/url-scan
Index: camel/ChangeLog
===================================================================
RCS file: /cvs/gnome/evolution-data-server/camel/ChangeLog,v
retrieving revision 1.2432
diff -u -p -r1.2432 ChangeLog
--- camel/ChangeLog	25 Feb 2005 03:49:26 -0000	1.2432
+++ camel/ChangeLog	28 Feb 2005 05:28:21 -0000
@@ -1,3 +1,15 @@
+2005-02-28  Not Zed  <NotZed Ximian com>
+
+	** See bug #72609
+
+	* camel-mime-utils.c (header_encode_param): just call
+	camel_charset_best once to get the best charset, and handle a NULL
+	charset name case properly.
+
+	* camel-charset-map.c (camel_charset_step): use the camel utf8
+	functions for robustness (&fix possible buffer-read-overflow).
+	Perform some short-circuit optimisation when we can.
+
 2005-02-24  Not Zed  <NotZed Ximian com>
 
 	** See bug #68459
Index: camel/camel-charset-map.c
===================================================================
RCS file: /cvs/gnome/evolution-data-server/camel/camel-charset-map.c,v
retrieving revision 1.42
diff -u -p -r1.42 camel-charset-map.c
--- camel/camel-charset-map.c	2 Dec 2004 08:03:29 -0000	1.42
+++ camel/camel-charset-map.c	28 Feb 2005 05:28:22 -0000
@@ -200,19 +200,18 @@ int main (void)
 
 #else
 
-#include "camel-charset-map.h"
-#include "camel-charset-map-private.h"
-
-#include <libedataserver/e-iconv.h>
-
 #include <glib.h>
 #include <locale.h>
-#include <ctype.h>
-#include <pthread.h>
 #ifdef HAVE_CODESET
 #include <langinfo.h>
 #endif
 
+#include "camel-charset-map.h"
+#include "camel-charset-map-private.h"
+#include "camel-utf8.h"
+
+#include <libedataserver/e-iconv.h>
+
 void
 camel_charset_init (CamelCharset *c)
 {
@@ -221,42 +220,34 @@ camel_charset_init (CamelCharset *c)
 }
 
 void
-camel_charset_step (CamelCharset *c, const char *in, int len)
+camel_charset_step (CamelCharset *cc, const char *in, int len)
 {
 	register unsigned int mask;
 	register int level;
-	const char *inptr = in, *inend = in+len;
+	const unsigned char *inptr = in, *inend = in+len;
+	register guint32 c;
 
-	mask = c->mask;
-	level = c->level;
+	mask = cc->mask;
+	level = cc->level;
 
 	/* check what charset a given string will fit in */
-	while (inptr < inend) {
-		gunichar c;
-		const char *newinptr;
-		newinptr = g_utf8_next_char(inptr);
-		c = g_utf8_get_char(inptr);
-		if (newinptr == NULL || !g_unichar_validate (c)) {
-			inptr++;
-			continue;
-		}
-
-		inptr = newinptr;
-		if (c<=0xffff) {
+	while ( (c = camel_utf8_getc_limit(&inptr, inend)) != 0xffff) {
+		if (c < 0xffff) {
 			mask &= charset_mask(c);
 		
 			if (c>=128 && c<256)
 				level = MAX(level, 1);
 			else if (c>=256)
-				level = MAX(level, 2);
+				level = 2;
 		} else {
 			mask = 0;
-			level = MAX(level, 2);
+			level = 2;
+			break;
 		}
 	}
 
-	c->mask = mask;
-	c->level = level;
+	cc->mask = mask;
+	cc->level = level;
 }
 
 /* gets the best charset from the mask of chars in it */
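Review bot: The new loop condition `(c = camel_utf8_getc_limit(&inptr, inend)) != 0xffff` in camel_charset_step treats 0xffff as the end-of-buffer sentinel, but 0xffff is also a value a UTF-8 decoder can produce for a code point present in the input. camel_utf8_getc_limit is not shown here, so this needs confirming, but if it returns a decoded U+FFFF the scan stops at that character and the remainder of `in` never contributes to `mask` or `level`, which lets the tail of a message influence nothing in the charset choice. At minimum the contract deserves a comment above the loop, for example `/* camel_utf8_getc_limit returns 0xffff at end of buffer; an embedded U+FFFF also ends the scan */`. Separately, `const unsigned char *inptr = in, *inend = in+len;` initialises unsigned pointers from a `const char *` without a cast; `(const unsigned char *) in` would keep the build free of pointer-sign warnings.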
Index: camel/camel-mime-utils.c
===================================================================
RCS file: /cvs/gnome/evolution-data-server/camel/camel-mime-utils.c,v
retrieving revision 1.223
diff -u -p -r1.223 camel-mime-utils.c
--- camel/camel-mime-utils.c	31 Jan 2005 06:56:28 -0000	1.223
+++ camel/camel-mime-utils.c	28 Feb 2005 05:28:23 -0000
@@ -2938,44 +2938,24 @@ header_encode_param (const unsigned char
 	const unsigned char *inptr = in;
 	unsigned char *outbuf = NULL;
 	const char *charset;
-	int encoding;
 	GString *out;
 	guint32 c;
 
 	*encoded = FALSE;
 	
 	g_return_val_if_fail (in != NULL, NULL);
-	
-	/* do a quick us-ascii check (the common case?) */
-	while (*inptr) {
-		if (*inptr > 127)
-			break;
-		inptr++;
-	}
-	
-	if (*inptr == '\0')
-		return g_strdup (in);
-	
-	inptr = in;
-	encoding = 0;
-	while ( encoding !=2 && (c = camel_utf8_getc(&inptr)) ) {
-		if (c > 127 && c < 256)
-			encoding = MAX (encoding, 1);
-		else if (c >= 256)
-			encoding = MAX (encoding, 2);
-	}
 
-	if (encoding == 2)
-		charset = camel_charset_best(in, strlen(in));
-	else
-		charset = "iso-8859-1";
+	/* if we have really broken utf8 passed in, we just treat it as binary data */
+
+	charset = camel_charset_best(in, strlen(in));
+	if (charset == NULL)
+		return g_strdup(in);
 	
-	if (strcasecmp(charset, "UTF-8") != 0
-	    && (outbuf = header_convert(charset, "UTF-8", in, strlen(in)))) {
-		inptr = outbuf;
-	} else {
-		charset = "UTF-8";
-		inptr = in;
+	if (g_ascii_strcasecmp(charset, "UTF-8") != 0) {
+		if ((outbuf = header_convert(charset, "UTF-8", in, strlen(in))))
+			inptr = outbuf;
+		else
+			return g_strdup(in);
 	}
 	
 	/* FIXME: set the 'language' as well, assuming we can get that info...? */
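Review bot: The new `else return g_strdup(in);` taken when `header_convert` fails returns the original bytes with `*encoded` still FALSE, whereas the removed code fell back to `charset = "UTF-8"` and continued into the encoding path. Reaching that branch means `camel_charset_best` returned a non-NULL, non-UTF-8 name, so the string presumably contains non-ASCII bytes (confirm against camel_charset_best), and a conversion failure can come from a missing iconv converter as well as from broken input. If callers write an unencoded value straight into a header, 8-bit data ends up there. Keeping the old fallback, `else charset = "UTF-8";`, would preserve the encoded output. If the encoding loop below cannot safely handle such input, the comment `/* if we have really broken utf8 passed in ... */` should say that this is why the raw copy is returned. header_encode_param starts and ends outside this hunk, so the encoding loop and the freeing of `outbuf` are not visible here.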

