aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMilan Crha <mcrha@redhat.com>2013-01-11 03:29:50 +0800
committerMilan Crha <mcrha@redhat.com>2013-01-11 03:31:01 +0800
commit9468fc2f6b7f2c689dc35f7617b4a91d1bb04993 (patch)
treec5bb2a4868063b7e71529bd9532fab6eb3b91c83
parentb1ed35f70d09601717e32eb5c762f79908b0bcf8 (diff)
downloadgsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.tar
gsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.tar.gz
gsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.tar.bz2
gsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.tar.lz
gsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.tar.xz
gsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.tar.zst
gsoc2013-evolution-9468fc2f6b7f2c689dc35f7617b4a91d1bb04993.zip
Be more strict in inline PGP mime filter/part parser
-rw-r--r--em-format/e-mail-inline-filter.c38
-rw-r--r--em-format/e-mail-parser-inlinepgp-encrypted.c5
-rw-r--r--em-format/e-mail-parser-inlinepgp-signed.c5
3 files changed, 44 insertions, 4 deletions
diff --git a/em-format/e-mail-inline-filter.c b/em-format/e-mail-inline-filter.c
index 1cd6781a06..8f31409d9e 100644
--- a/em-format/e-mail-inline-filter.c
+++ b/em-format/e-mail-inline-filter.c
@@ -199,6 +199,32 @@ inline_filter_add_part (EMailInlineFilter *emif,
emif->parts = g_slist_append (emif->parts, part);
}
+static gboolean
+newline_or_whitespace_follows (const gchar *str,
+ guint len,
+ guint skip_first)
+{
+ if (len <= skip_first)
+ return len == skip_first;
+
+ str += skip_first;
+ len -= skip_first;
+
+ while (len > 0 && *str != '\n') {
+ if (!*str)
+ return TRUE;
+
+
+ if (!camel_mime_is_lwsp (*str))
+ return FALSE;
+
+ len--;
+ str++;
+ }
+
+ return len == 0 || *str == '\n';
+}
+
static gint
inline_filter_scan (CamelMimeFilter *f,
gchar *in,
@@ -247,12 +273,14 @@ inline_filter_scan (CamelMimeFilter *f,
inline_filter_add_part (emif, data_start, start - data_start);
data_start = start;
emif->state = EMIF_POSTSCRIPT;
- } else if (rest_len >= 34 && strncmp (start, "-----BEGIN PGP SIGNED MESSAGE-----", 34) == 0) {
+ } else if (rest_len >= 34 && strncmp (start, "-----BEGIN PGP SIGNED MESSAGE-----", 34) == 0 &&
+ newline_or_whitespace_follows (start, rest_len, 34)) {
restore_inptr ();
inline_filter_add_part (emif, data_start, start - data_start);
data_start = start;
emif->state = EMIF_PGPSIGNED;
- } else if (rest_len >= 27 && strncmp (start, "-----BEGIN PGP MESSAGE-----", 27) == 0) {
+ } else if (rest_len >= 27 && strncmp (start, "-----BEGIN PGP MESSAGE-----", 27) == 0 &&
+ newline_or_whitespace_follows (start, rest_len, 27)) {
restore_inptr ();
inline_filter_add_part (emif, data_start, start - data_start);
data_start = start;
@@ -279,7 +307,8 @@ inline_filter_scan (CamelMimeFilter *f,
}
break;
case EMIF_PGPSIGNED:
- if (rest_len >= 27 && strncmp (start, "-----END PGP SIGNATURE-----", 27) == 0) {
+ if (rest_len >= 27 && strncmp (start, "-----END PGP SIGNATURE-----", 27) == 0 &&
+ newline_or_whitespace_follows (start, rest_len, 27)) {
restore_inptr ();
inline_filter_add_part (emif, data_start, inptr - data_start);
data_start = inptr;
@@ -288,7 +317,8 @@ inline_filter_scan (CamelMimeFilter *f,
}
break;
case EMIF_PGPENCRYPTED:
- if (rest_len >= 25 && strncmp (start, "-----END PGP MESSAGE-----", 25) == 0) {
+ if (rest_len >= 25 && strncmp (start, "-----END PGP MESSAGE-----", 25) == 0 &&
+ newline_or_whitespace_follows (start, rest_len, 25)) {
restore_inptr ();
inline_filter_add_part (emif, data_start, inptr - data_start);
data_start = inptr;
diff --git a/em-format/e-mail-parser-inlinepgp-encrypted.c b/em-format/e-mail-parser-inlinepgp-encrypted.c
index 885f9151e6..624452c8b0 100644
--- a/em-format/e-mail-parser-inlinepgp-encrypted.c
+++ b/em-format/e-mail-parser-inlinepgp-encrypted.c
@@ -61,6 +61,11 @@ empe_inlinepgp_encrypted_parse (EMailParserExtension *extension,
GList *head, *link;
GError *local_error = NULL;
+ if (g_cancellable_is_cancelled (cancellable) ||
+ /* avoid recursion */
+ (part_id->str && part_id->len > 20 && g_str_has_suffix (part_id->str, ".inlinepgp_encrypted")))
+ return FALSE;
+
cipher = camel_gpg_context_new (e_mail_parser_get_session (parser));
opart = camel_mime_part_new ();
diff --git a/em-format/e-mail-parser-inlinepgp-signed.c b/em-format/e-mail-parser-inlinepgp-signed.c
index 2b11d6e412..fb65e5c447 100644
--- a/em-format/e-mail-parser-inlinepgp-signed.c
+++ b/em-format/e-mail-parser-inlinepgp-signed.c
@@ -66,6 +66,11 @@ empe_inlinepgp_signed_parse (EMailParserExtension *extension,
GError *local_error = NULL;
GByteArray *ba;
+ if (g_cancellable_is_cancelled (cancellable) ||
+ /* avoid recursion */
+ (part_id->str && part_id->len > 17 && g_str_has_suffix (part_id->str, ".inlinepgp_signed")))
+ return FALSE;
+
cipher = camel_gpg_context_new (e_mail_parser_get_session (parser));
/* Verify the signature of the message */