fix buffer overrun while converting charsets
[citadel.git] / libcitadel / lib / stringbuf.c
index 250b3109c4b57f97fdbceac74ac6cae2e576cc0a..ed17a0a0cb3504e8773a5dc13ddf29d68122b1d3 100644 (file)
@@ -2259,6 +2259,7 @@ int StrBufDecodeBase64(StrBuf *Buf)
        if (Buf == NULL) return -1;
 
        xferbuf = (char*) malloc(Buf->BufSize);
+       *xferbuf = '\0';
        siz = CtdlDecodeBase64(xferbuf,
                               Buf->buf,
                               Buf->BufUsed);
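Review bot: The added `*xferbuf = '\0';` writes through the malloc() result without checking it, so an allocation failure turns into a NULL dereference while decoding message content. Add `if (xferbuf == NULL) return -1;` before the store, in line with the existing `Buf == NULL` return. The store also assumes Buf->BufSize is at least 1, an invariant that is not visible in this hunk. StrBufDecodeBase64's body continues outside the hunk.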
@@ -2537,7 +2538,6 @@ StrBuf *StrBufSanitizeEmailRecipientVector(const StrBuf *Recp,
                                pch = NULL;
                                if (EmailEnd != NULL) {
                                        gt = 1;
-                                       EmailEnd --;
                                }
                                else {
                                        EmailEnd = pche;
@@ -2546,14 +2546,15 @@ StrBuf *StrBufSanitizeEmailRecipientVector(const StrBuf *Recp,
                        else {
 
                                pch = EmailEnd + 1;
-                               while ((EmailEnd > UserStart) && 
+                               while ((EmailEnd > UserStart) && !gt &&
                                       ((*EmailEnd == ',') ||
                                        (*EmailEnd == '>') ||
                                        (isspace(*EmailEnd))))
                                {
                                        if (*EmailEnd == '>')
                                                gt = 1;
-                                       EmailEnd--;
+                                       else 
+                                               EmailEnd--;
                                }
                                if (EmailEnd == UserStart)
                                        break;
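Review bot: With `!gt` in the condition, the trimming loop only runs when `gt` is 0 on entry, and the place where `gt` is reset for each recipient is not visible in this hunk. If the flag can carry over from a previously parsed address, trailing commas and whitespace would no longer be stripped here, so that is worth confirming. A comment on the loop would also record the new invariant, e.g. `/* stop on the closing '>' so EmailEnd stays on it; gt must be 0 on entry */`. The enclosing loop of StrBufSanitizeEmailRecipientVector starts and ends outside the hunk.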
@@ -2562,7 +2563,11 @@ StrBuf *StrBufSanitizeEmailRecipientVector(const StrBuf *Recp,
                                EmailStart = strchr(UserStart, '<');
                                if ((EmailStart == NULL) || (EmailStart > EmailEnd))
                                        break;
-                               UserEnd = EmailStart - 1;
+                               UserEnd = EmailStart;
+
+                               while ((UserEnd > UserStart) && 
+                                      isspace (*(UserEnd - 1)))
+                                       UserEnd --;
                                EmailStart ++;
                                if (UserStart >= UserEnd)
                                        UserStart = UserEnd = NULL;
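Review bot: The new `isspace (*(UserEnd - 1))` passes a byte from the recipient string straight to isspace(). Assuming UserEnd is a plain `char` pointer, as the strchr() call suggests, any byte above 0x7F becomes a negative argument on signed-char platforms, which is undefined behaviour for the <ctype.h> functions. Cast first: `isspace((unsigned char)*(UserEnd - 1))`. The context line `isspace(*EmailEnd)` in the previous hunk has the same problem. The surrounding block continues outside the hunk.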
@@ -2845,6 +2850,8 @@ inline static void DecodeSegment(StrBuf *Target,
        
        *encoding = toupper(*encoding);
        if (*encoding == 'B') { /**< base64 */
+               if (ConvertBuf2->BufSize < ConvertBuf->BufUsed)
+                       IncreaseBuf(ConvertBuf2, 0, ConvertBuf->BufUsed);
                ConvertBuf2->BufUsed = CtdlDecodeBase64(ConvertBuf2->buf, 
                                                        ConvertBuf->buf, 
                                                        ConvertBuf->BufUsed);
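Review bot: The guard `ConvertBuf2->BufSize < ConvertBuf->BufUsed` skips the resize when the two are equal, and the IncreaseBuf() result is not checked before the decoder writes into ConvertBuf2->buf. If the decoder appends a terminating NUL (its body is not visible here), equality leaves no room for it. This matters most for the identical guard added before CtdlDecodeQuotedPrintable in the next hunk, where the decoded output can be as long as the input. Consider `if (ConvertBuf2->BufSize <= ConvertBuf->BufUsed)` in both places, and skip the decode if IncreaseBuf() can report failure. DecodeSegment's body continues outside both hunks.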
@@ -2860,6 +2867,9 @@ inline static void DecodeSegment(StrBuf *Target,
                        pos++;
                }
                
+               if (ConvertBuf2->BufSize < ConvertBuf->BufUsed)
+                       IncreaseBuf(ConvertBuf2, 0, ConvertBuf->BufUsed);
+
                ConvertBuf2->BufUsed = CtdlDecodeQuotedPrintable(
                        ConvertBuf2->buf, 
                        ConvertBuf->buf,