fix possible crashes of not NULL-checking the result of icalproperty_get_attendee()

diff --git a/citadel/modules/calendar/serv_calendar.c b/citadel/modules/calendar/serv_calendar.c
index cf448a057dd4a6d8f428387b07072a4e7d7b39dd..f51e427d26590b3061ca7ee04f770b8af2dfd4e8 100644 (file)
--- a/citadel/modules/calendar/serv_calendar.c
+++ b/citadel/modules/calendar/serv_calendar.c
@@ -179,6 +179,7 @@ void ical_send_a_reply(icalcomponent *request, char *action) {
        icalparameter *partstat = NULL;
        char *serialized_reply = NULL;
        char *reply_message_text = NULL;
+       const char *ch;
        struct CtdlMessage *msg = NULL;
        struct recptypes *valid = NULL;
 
@@ -208,22 +209,20 @@ void ical_send_a_reply(icalcomponent *request, char *action) {
                while (attendee = icalcomponent_get_first_property(vevent,
                    ICAL_ATTENDEE_PROPERTY), (attendee != NULL)
                ) {
-                       if (icalproperty_get_attendee(attendee)) {
-                               strcpy(attendee_string,
-                                       icalproperty_get_attendee(attendee) );
-                               if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
-                                       strcpy(attendee_string, &attendee_string[7]);
-                                       striplt(attendee_string);
-                                       recp = validate_recipients(attendee_string, NULL, 0);
-                                       if (recp != NULL) {
-                                               if (!strcasecmp(recp->recp_local, CC->user.fullname)) {
-                                                       if (me_attend) icalproperty_free(me_attend);
-                                                       me_attend = icalproperty_new_clone(attendee);
-                                               }
-                                               free_recipients(recp);
+                       ch = icalproperty_get_attendee(attendee);
+                       if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
+                               safestrncpy(attendee_string, ch + 7, sizeof (attendee_string));
+                               striplt(attendee_string);
+                               recp = validate_recipients(attendee_string, NULL, 0);
+                               if (recp != NULL) {
+                                       if (!strcasecmp(recp->recp_local, CC->user.fullname)) {
+                                               if (me_attend) icalproperty_free(me_attend);
+                                               me_attend = icalproperty_new_clone(attendee);
                                        }
+                                       free_recipients(recp);
                                }
                        }
+
                        /* Remove it... */
                        icalcomponent_remove_property(vevent, attendee);
                        icalproperty_free(attendee);
@@ -538,10 +537,13 @@ STARTOVER:
 
                        /* Check to see if these two attendees match...
                         */
-                       if (!strcasecmp(
-                          icalproperty_get_attendee(e_attendee),
-                          icalproperty_get_attendee(r_attendee)
-                       )) {
+                       const char *e, *r;
+                       e = icalproperty_get_attendee(e_attendee);
+                       r = icalproperty_get_attendee(r_attendee);
+
+                       if ((e != NULL) && 
+                           (r != NULL) && 
+                           !strcasecmp(e, r)) {
                                /* ...and if they do, remove the attendee from the event
                                 * and replace it with the attendee from the reply.  (The
                                 * reply's copy will have the same address, but an updated
@@ -2032,19 +2034,17 @@ void ical_send_out_invitations(icalcomponent *top_level_cal, icalcomponent *cal)
        /* Determine who the recipients of this message are (the attendees) */
        strcpy(attendees_string, "");
        for (attendee = icalcomponent_get_first_property(the_request, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(the_request, ICAL_ATTENDEE_PROPERTY)) {
-               if (icalproperty_get_attendee(attendee)) {
-                       safestrncpy(this_attendee, icalproperty_get_attendee(attendee), sizeof this_attendee);
-                       if (!strncasecmp(this_attendee, "MAILTO:", 7)) {
-                               strcpy(this_attendee, &this_attendee[7]);
-
-                               if (!CtdlIsMe(this_attendee, sizeof this_attendee)) {   /* don't send an invitation to myself! */
-                                       snprintf(&attendees_string[strlen(attendees_string)],
-                                               sizeof(attendees_string) - strlen(attendees_string),
-                                               "%s, ",
-                                               this_attendee
+               const char *ch = icalproperty_get_attendee(attendee);
+               if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
+                       safestrncpy(this_attendee, ch + 7, sizeof(this_attendee));
+                       
+                       if (!CtdlIsMe(this_attendee, sizeof this_attendee)) {   /* don't send an invitation to myself! */
+                               snprintf(&attendees_string[strlen(attendees_string)],
+                                        sizeof(attendees_string) - strlen(attendees_string),
+                                        "%s, ",
+                                        this_attendee
                                        );
-                                       ++num_attendees;
-                               }
+                               ++num_attendees;
                        }
                }
        }
@@ -2499,6 +2499,7 @@ void ical_fixed_output_backend(icalcomponent *cal,
        icalcomponent *c;
        icalproperty *p;
        char buf[256];
+       const char *ch;
 
        p = icalcomponent_get_first_property(cal, ICAL_SUMMARY_PROPERTY);
        if (p != NULL) {
@@ -2517,11 +2518,12 @@ void ical_fixed_output_backend(icalcomponent *cal,
 
        /* If the component has attendees, iterate through them. */
        for (p = icalcomponent_get_first_property(cal, ICAL_ATTENDEE_PROPERTY); (p != NULL); p = icalcomponent_get_next_property(cal, ICAL_ATTENDEE_PROPERTY)) {
-               safestrncpy(buf, icalproperty_get_attendee(p), sizeof buf);
-               if (!strncasecmp(buf, "MAILTO:", 7)) {
+               ch =  icalproperty_get_attendee(p);
+               if ((ch != NULL) && 
+                   !strncasecmp(ch, "MAILTO:", 7)) {
 
                        /* screen name or email address */
-                       strcpy(buf, &buf[7]);
+                       safestrncpy(buf, ch + 7, sizeof(buf));
                        striplt(buf);
                        cprintf("%s ", buf);
                }

diff --git a/webcit/availability.c b/webcit/availability.c
index 027352679980b580d1a14e76c9c555d775ff6a5c..3d49f1f550c1ea5ba59f5a142404d1e474f7e028 100644 (file)
--- a/webcit/availability.c
+++ b/webcit/availability.c
@@ -209,6 +209,7 @@ void check_attendee_availability(icalcomponent *vevent) {
        char attendee_string[SIZ];
        char annotated_attendee_string[SIZ];
        char annotation[SIZ];
+       const char *ch;
 
        if (vevent == NULL) {
                return;
@@ -248,12 +249,11 @@ void check_attendee_availability(icalcomponent *vevent) {
        for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY);
            attendee != NULL;
            attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-
-               strcpy(attendee_string, icalproperty_get_attendee(attendee));
-               if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
+               ch = icalproperty_get_attendee(attendee);
+               if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
 
                        /** screen name or email address */
-                       strcpy(attendee_string, &attendee_string[7]);
+                       safestrncpy(attendee_string, ch + 7, sizeof(attendee_string));
                        striplt(attendee_string);
 
                        check_individual_attendee(attendee_string,

diff --git a/webcit/calendar.c b/webcit/calendar.c
index 6861a6a89f3286a5e53632eaca9fcff1c6533ea8..98fc8260c426eaa2ef052356f866b1555913c7f5 100644 (file)
--- a/webcit/calendar.c
+++ b/webcit/calendar.c
@@ -48,6 +48,7 @@ void cal_process_object(StrBuf *Target,
        int is_update = 0;
        char divname[32];
        static int divcount = 0;
+       const char *ch;
 
        sprintf(divname, "rsvp%04x", ++divcount);
 
@@ -182,11 +183,11 @@ void cal_process_object(StrBuf *Target,
                StrBufAppendPrintf(Target, "<dt>");
                StrBufAppendPrintf(Target, _("Attendee:"));
                StrBufAppendPrintf(Target, "</dt><dd>");
-               safestrncpy(buf, icalproperty_get_attendee(p), sizeof buf);
-               if (!strncasecmp(buf, "MAILTO:", 7)) {
+               ch = icalproperty_get_attendee(p);
+               if ((ch != NULL) && !strncasecmp(buf, "MAILTO:", 7)) {
 
                        /** screen name or email address */
-                       strcpy(buf, &buf[7]);
+                       safestrncpy(buf, ch + 7, sizeof(buf));
                        striplt(buf);
                        StrEscAppend(Target, NULL, buf, 0, 0);
                        StrBufAppendPrintf(Target, " ");

diff --git a/webcit/event.c b/webcit/event.c
index 1d73540775ab6b42faa4ff502b1d7af3dcbc75a7..a7107bde7b072e78817da8009c1a3adc5897502a 100644 (file)
--- a/webcit/event.c
+++ b/webcit/event.c
@@ -65,7 +65,7 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum,
        int which_rrend_is_preselected;
        int which_rryeartype_is_preselected;
 
-
+       const char *ch;
        char *tabnames[3];
        const char *frequency_units[8];
        const char *ordinals[6];
@@ -463,11 +463,11 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum,
        for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY);
            attendee != NULL;
            attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-               strcpy(attendee_string, icalproperty_get_attendee(attendee));
-               if (!strncasecmp(attendee_string, "mailto:", 7)) {
+               ch = icalproperty_get_attendee(attendee);
+               if ((ch != NULL) && !strncasecmp(ch, "mailto:", 7)) {
 
                        /* screen name or email address */
-                       strcpy(attendee_string, &attendee_string[7]);
+                       safestrncpy(attendee_string, ch + 7, sizeof(attendee_string));
                        striplt(attendee_string);
                        if (i++) wc_printf("\n");
                        escputs(attendee_string);
@@ -805,6 +805,7 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr
        char organizer_string[SIZ];
        int sequence = 0;
        enum icalproperty_transp formtransp = ICAL_TRANSP_NONE;
+       const char *ch;
 
        if (supplied_vevent != NULL) {
                vevent = supplied_vevent;
@@ -1099,15 +1100,15 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr
                                foundit = 0;
 
                                for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-                                       if (!strcasecmp(attendee_string,
-                                          icalproperty_get_attendee(attendee)))
+                                       ch = icalproperty_get_attendee(attendee);
+                                       if ((ch != NULL) && !strcasecmp(attendee_string, ch))
                                                ++foundit;
                                }
 
 
                                if (foundit == 0) {
                                        icalcomponent_add_property(vevent,
-                                               icalproperty_new_attendee(attendee_string)
+                                                                  icalproperty_new_attendee(attendee_string)
                                        );
                                }
                        }
@@ -1117,9 +1118,9 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr
                 * Remove any attendees *not* listed in the web form
                 */
 STARTOVER:     for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-                       strcpy(attendee_string, icalproperty_get_attendee(attendee));
-                       if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
-                               strcpy(attendee_string, &attendee_string[7]);
+                       ch = icalproperty_get_attendee(attendee);
+                       if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
+                               safestrncpy(attendee_string, ch + 7, sizeof(attendee_string));
                                striplt(attendee_string);
                                foundit = 0;
                                for (i=0; i<num_tokens(form_attendees, '\n'); ++i) {