2005-03-24 [paul] 1.0.3cvs8
authorPaul Mangan <paul@claws-mail.org>
Thu, 24 Mar 2005 10:14:19 +0000 (10:14 +0000)
committerPaul Mangan <paul@claws-mail.org>
Thu, 24 Mar 2005 10:14:19 +0000 (10:14 +0000)
* ChangeLog
* ChangeLog.jp
* src/codeconv.c
* src/textview.c
* src/unmime.c
* src/unmime.h
* src/common/smtp.c
sync with main 1.0.4
see ChangeLog 2005-03-18 and 2005-03-24
fixes buffer overflow

ChangeLog
ChangeLog.claws
ChangeLog.jp
PATCHSETS
configure.ac
src/codeconv.c
src/common/smtp.c
src/textview.c
src/unmime.c
src/unmime.h

index 550b06e..4c7f8e8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,32 @@
+2005-03-24
+
+       * version 1.0.4
+
+2005-03-24
+
+       * src/procmime.c:
+         procmime_scan_content_type()
+         procmime_scan_content_disposition(): fixed possible stack buffer
+         overflow.
+       * src/codeconv.c: conv_unmime_header()
+         src/unmime.[ch]: unmime_header(): added an argument for buffer size
+         and restricted the size of decoded string to remove the possibility
+         of buffer overflow.
+
+2005-03-18
+
+       * src/smtp.c: smtp_ehlo_recv(): strict check for AUTH string.
+
+2005-03-18
+
+       * src/textview.c: textview_show_html(): force output of newline.
+
+2005-03-18
+
+       * src/account.c: account_find_from_message_file(): added missing
+         NULL terminator of the HeaderEntry array which had introduced
+         crash on re-edit (thanks to Michael Schwendt).
+
 2005-03-04
 
        * version 1.0.3
index bdf08d5..e5f190e 100644 (file)
@@ -1,3 +1,16 @@
+2005-03-24 [paul]      1.0.3cvs8
+
+       * ChangeLog
+       * ChangeLog.jp
+       * src/codeconv.c
+       * src/textview.c
+       * src/unmime.c
+       * src/unmime.h
+       * src/common/smtp.c
+               sync with main 1.0.4
+               see ChangeLog 2005-03-18 and 2005-03-24
+               fixes buffer overflow
+
 2005-03-25 [paul]
 
        * tools/Makefile.am
index d7acb64..fefbeb2 100644 (file)
@@ -1,3 +1,32 @@
+2005-03-24
+
+       * version 1.0.4
+
+2005-03-24
+
+       * src/procmime.c:
+         procmime_scan_content_type()
+         procmime_scan_content_disposition(): ¥¹¥¿¥Ã¥¯¥Ð¥Ã¥Õ¥¡¥ª¡¼¥Ð¡¼
+         ¥Õ¥í¡¼¤òµ¯¤³¤¹²ÄǽÀ­¤¬¤¢¤Ã¤¿¤Î¤ò½¤Àµ¡£
+       * src/codeconv.c: conv_unmime_header()
+         src/unmime.[ch]: unmime_header(): ¥Ð¥Ã¥Õ¥¡¥µ¥¤¥º¤Î°ú¿ô¤òÄɲä·¡¢
+         ¥Ç¥³¡¼¥É¤·¤¿Ê¸»úÎó¤Î¥µ¥¤¥º¤òÀ©¸Â¤·¡¢¥Ð¥Ã¥Õ¥¡¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤Î
+         ²ÄǽÀ­¤ò̵¤¯¤·¤¿¡£
+
+2005-03-18
+
+       * src/smtp.c: smtp_ehlo_recv(): AUTH Ê¸»úÎó¤ò¸·Ì©¤Ë¥Á¥§¥Ã¥¯¡£
+
+2005-03-18
+
+       * src/textview.c: textview_show_html(): ¶¯À©Åª¤Ë²þ¹Ô¤ò½ÐÎÏ¡£
+
+2005-03-18
+
+       * src/account.c: account_find_from_message_file(): HeaderEntry ÇÛÎó
+         ¤Î NULL ½ªÃ¼¤¬È´¤±¤Æ¤¤¤¿¤Î¤òÄɲÃ(ºÆÊÔ½¸»þ¤Ë¥¯¥é¥Ã¥·¥å¤òµ¯¤³¤·¤Æ
+         ¤¤¤¿) (Michael Schwendt ¤µ¤ó thanks)¡£
+
 2005-03-04
 
        * version 1.0.3
index c0fa9e7..6f7d56d 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
 ( cvs diff -u -r 1.480 -r 1.481 src/compose.c; ) > 1.0.3cvs5.patchset
 ( cvs diff -u -r 1.15 -r 1.16 src/common/plugin.c; cvs diff -u -r 1.62 -r 1.63 src/procheader.c; ) > 1.0.3cvs6.patchset
 ( cvs diff -u -r 1.24 -r 1.25 src/plugins/spamassassin/spamassassin.c; ) > 1.0.3cvs7.patchset
+( cvs diff -u -r 1.459 -r 1.460 ChangeLog; cvs diff -u -r 1.454 -r 1.455 ChangeLog.jp; cvs diff -u -r 1.75 -r 1.76 src/codeconv.c; cvs diff -u -r 1.130 -r 1.131 src/textview.c; cvs diff -u -r 1.9 -r 1.10 src/unmime.c; cvs diff -u -r 1.2 -r 1.3 src/unmime.h; cvs diff -u -r 1.21 -r 1.22 src/common/smtp.c; ) > 1.0.3cvs8.patchset
index f005313..1e56663 100644 (file)
@@ -11,7 +11,7 @@ MINOR_VERSION=0
 MICRO_VERSION=3
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=7
+EXTRA_VERSION=8
 EXTRA_RELEASE=
 
 if test \( $EXTRA_VERSION -eq 0 \) -o \( "x$EXTRA_RELEASE" != "x" \); then
index d177f74..53e2fcd 100644 (file)
@@ -1467,9 +1467,9 @@ void conv_unmime_header(gchar *outbuf, gint outlen, const gchar *str,
                buflen = strlen(str) * 2 + 1;
                Xalloca(buf, buflen, return);
                conv_anytodisp(buf, buflen, str);
-               unmime_header(outbuf, buf);
+               unmime_header(outbuf, outlen, buf);
        } else
-               unmime_header(outbuf, str);
+               unmime_header(outbuf, outlen, str);
 }
 
 #define MAX_LINELEN            76
index 43a1f74..d9a357a 100644 (file)
@@ -286,7 +286,7 @@ static gint smtp_ehlo_recv(SMTPSession *session, const gchar *msg)
                const gchar *p = msg;
                p += 3;
                if (*p == '-' || *p == ' ') p++;
-               if (g_strncasecmp(p, "AUTH", 4) == 0) {
+               if (g_strncasecmp(p, "AUTH", 4) == 0 && p[4] != '\0') {
                        p += 5;
                        if (strcasestr(p, "PLAIN"))
                                session->avail_auth_type |= SMTPAUTH_PLAIN;
index ff6fb60..0b45c5f 100644 (file)
@@ -636,6 +636,7 @@ static void textview_show_html(TextView *textview, FILE *fp,
                } else
                        textview_write_line(textview, str, NULL);
        }
+       textview_write_line(textview, "\n", NULL);
        html_parser_destroy(parser);
 }
 
index e7dce09..635be18 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2003 Hiroyuki Yamamoto
+ * Copyright (C) 1999-2005 Hiroyuki Yamamoto
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
 #include "codeconv.h"
 #include "base64.h"
 #include "quoted-printable.h"
+#include "utils.h"
 
 #define ENCODED_WORD_BEGIN     "=?"
 #define ENCODED_WORD_END       "?="
 
 /* Decodes headers based on RFC2045 and RFC2047. */
 
-void unmime_header(gchar *out, const gchar *str)
+void unmime_header(gchar *out, gint outlen, const gchar *str)
 {
        const gchar *p = str;
        gchar *outp = out;
@@ -50,28 +51,33 @@ void unmime_header(gchar *out, const gchar *str)
 
                eword_begin_p = strstr(p, ENCODED_WORD_BEGIN);
                if (!eword_begin_p) {
-                       strcpy(outp, p);
+                       strncpy2(outp, p, outlen);
                        return;
                }
                encoding_begin_p = strchr(eword_begin_p + 2, '?');
                if (!encoding_begin_p) {
-                       strcpy(outp, p);
+                       strncpy2(outp, p, outlen);
                        return;
                }
                text_begin_p = strchr(encoding_begin_p + 1, '?');
                if (!text_begin_p) {
-                       strcpy(outp, p);
+                       strncpy2(outp, p, outlen);
                        return;
                }
                eword_end_p = strstr(text_begin_p + 1, ENCODED_WORD_END);
                if (!eword_end_p) {
-                       strcpy(outp, p);
+                       strncpy2(outp, p, outlen);
                        return;
                }
 
                if (p == str) {
+                       if (eword_begin_p - p > outlen - 1) {
+                               strncpy2(outp, p, outlen);
+                               return;
+                       }
                        memcpy(outp, p, eword_begin_p - p);
                        outp += eword_begin_p - p;
+                       outlen -= eword_begin_p - p;
                        p = eword_begin_p;
                } else {
                        /* ignore spaces between encoded words */
@@ -79,8 +85,13 @@ void unmime_header(gchar *out, const gchar *str)
 
                        for (sp = p; sp < eword_begin_p; sp++) {
                                if (!isspace(*(const guchar *)sp)) {
+                                       if (eword_begin_p - p > outlen - 1) {
+                                               strncpy2(outp, p, outlen);
+                                               return;
+                                       }
                                        memcpy(outp, p, eword_begin_p - p);
                                        outp += eword_begin_p - p;
+                                       outlen -= eword_begin_p - p;
                                        p = eword_begin_p;
                                        break;
                                }
@@ -106,8 +117,13 @@ void unmime_header(gchar *out, const gchar *str)
                                (decoded_text, text_begin_p + 1,
                                 eword_end_p - (text_begin_p + 1));
                } else {
+                       if (eword_end_p + 2 - p > outlen - 1) {
+                               strncpy2(outp, p, outlen);
+                               return;
+                       }
                        memcpy(outp, p, eword_end_p + 2 - p);
                        outp += eword_end_p + 2 - p;
+                       outlen -= eword_end_p + 2 - p;
                        p = eword_end_p + 2;
                        continue;
                }
@@ -116,13 +132,25 @@ void unmime_header(gchar *out, const gchar *str)
                conv_str = conv_codeset_strdup(decoded_text, charset, NULL);
                if (conv_str) {
                        len = strlen(conv_str);
+                       if (len > outlen - 1) {
+                               strncpy2(outp, conv_str, outlen);
+                               g_free(conv_str);
+                               g_free(decoded_text);
+                               return;
+                       }
                        memcpy(outp, conv_str, len);
                        g_free(conv_str);
                } else {
                        len = strlen(decoded_text);
+                       if (len > outlen - 1) {
+                               conv_localetodisp(outp, outlen, decoded_text);
+                               g_free(decoded_text);
+                               return;
+                       }
                        conv_localetodisp(outp, len + 1, decoded_text);
                }
                outp += len;
+               outlen -= len;
 
                g_free(decoded_text);
 
index 8e6d839..6e5b64c 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2002 Hiroyuki Yamamoto
+ * Copyright (C) 1999-2005 Hiroyuki Yamamoto
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -23,6 +23,7 @@
 #include <glib.h>
 
 void unmime_header                     (gchar          *out,
+                                        gint            len,
                                         const gchar    *str);
 gint unmime_quoted_printable_line      (gchar          *str);