upas/fs: use memchr() instead of strchr() in hdrlen()
make sure we look for the end of the header within the pointer range, and not accidentally read beyond hend. also, messages are not null terminated, so this could even go beyond the email data buffer. get rid of mimeflag which was only used for some assert checks. take header length into account when comparing header against ignored header strings.
This commit is contained in:
parent
1e8eb61a37
commit
d7613e356c
4 changed files with 11 additions and 20 deletions
|
@ -129,7 +129,6 @@ struct Message {
|
|||
char converted;
|
||||
char encoding;
|
||||
char decoded;
|
||||
char mimeflag;
|
||||
|
||||
Message *next;
|
||||
Message *part;
|
||||
|
|
|
@ -1517,12 +1517,12 @@ struct Ignorance
|
|||
char *str;
|
||||
int len;
|
||||
};
|
||||
Ignorance *ignorance;
|
||||
static Ignorance *ignorance;
|
||||
|
||||
/*
|
||||
* read the file of headers to ignore
|
||||
*/
|
||||
void
|
||||
static void
|
||||
readignore(void)
|
||||
{
|
||||
char *p;
|
||||
|
@ -1554,14 +1554,14 @@ readignore(void)
|
|||
Bterm(b);
|
||||
}
|
||||
|
||||
int
|
||||
ignore(char *p)
|
||||
static int
|
||||
ignore(char *p, int n)
|
||||
{
|
||||
Ignorance *i;
|
||||
|
||||
readignore();
|
||||
for(i = ignorance; i != nil; i = i->next)
|
||||
if(cistrncmp(i->str, p, i->len) == 0)
|
||||
if(i->len <= n && cistrncmp(i->str, p, i->len) == 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -1580,9 +1580,9 @@ readheader(Message *m, char *buf, int off, int cnt)
|
|||
|
||||
/* copy in good headers */
|
||||
while(cnt > 0 && p < e){
|
||||
n = hdrlen(p, e);
|
||||
assert(n > 0);
|
||||
if(ignore(p)){
|
||||
if((n = hdrlen(p, e)) <= 0)
|
||||
break;
|
||||
if(ignore(p, n)){
|
||||
p += n;
|
||||
continue;
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ hdrlen(char *p, char *e)
|
|||
|
||||
ep = p;
|
||||
do {
|
||||
ep = strchr(ep, '\n');
|
||||
ep = memchr(ep, '\n', e - ep);
|
||||
if(ep == nil){
|
||||
ep = e;
|
||||
break;
|
||||
|
|
|
@ -393,8 +393,6 @@ haschild(Message *m, int i)
|
|||
{
|
||||
for(m = m->part; m && i; i--)
|
||||
m = m->next;
|
||||
if(m)
|
||||
m->mimeflag = 0;
|
||||
return m;
|
||||
}
|
||||
|
||||
|
@ -426,11 +424,8 @@ parseattachments(Message *m, Mailbox *mb)
|
|||
}
|
||||
/* no boundary, we're done */
|
||||
if(x == nil){
|
||||
if(nm != nil){
|
||||
if(nm != nil)
|
||||
nm->rbend = nm->bend = nm->end = m->bend;
|
||||
if(nm->end == nm->start)
|
||||
nm->mimeflag |= Mtrunc;
|
||||
}
|
||||
break;
|
||||
}
|
||||
/* boundary must be at the start of a line */
|
||||
|
@ -475,8 +470,6 @@ parseattachments(Message *m, Mailbox *mb)
|
|||
assert(nm->ballocd == 0);
|
||||
nm->start = nm->header = nm->body = nm->rbody = m->body;
|
||||
nm->end = nm->bend = nm->rbend = m->bend;
|
||||
if(nm->end == nm->start)
|
||||
nm->mimeflag |= Mtrunc;
|
||||
nm->size = nm->end - nm->start;
|
||||
parse(mb, nm, 0, 0);
|
||||
cachehash(mb, nm); /* botchy place for this */
|
||||
|
@ -497,7 +490,7 @@ parseheaders(Mailbox *mb, Message *m, int addfrom, int justmime)
|
|||
i0 = Mhead;
|
||||
s = emalloc(2048);
|
||||
e = s + 2048 - 1;
|
||||
while((n = hdrlen(p, m->end)) != 0){
|
||||
while((n = hdrlen(p, m->end)) > 0){
|
||||
if(n > e - s){
|
||||
s = erealloc(s, n);
|
||||
e = s + n - 1;
|
||||
|
@ -598,7 +591,6 @@ void
|
|||
parse(Mailbox *mb, Message *m, int addfrom, int justmime)
|
||||
{
|
||||
sanemsg(m);
|
||||
assert(m->end - m->start > 0 || (m->mimeflag&Mtrunc) != 0 && m->end - m->start == 0);
|
||||
if((m->cstate & Cheader) == 0)
|
||||
parseheaders(mb, m, addfrom, justmime);
|
||||
parsebody(m, mb);
|
||||
|
|
Loading…
Reference in a new issue