fix possible crashes of not NULL-checking the result of icalproperty_get_attendee()

diff --git a/citadel/modules/calendar/serv_calendar.c b/citadel/modules/calendar/serv_calendar.c
index dc05c468548b0c47757cb9148c0e05e2bf48af6a..04fb02484119e977a2d3f508b3dfe114aed524e0 100644 (file)
--- a/citadel/modules/calendar/serv_calendar.c
+++ b/citadel/modules/calendar/serv_calendar.c
@@ -181,6 +181,7 @@ void ical_send_a_reply(icalcomponent *request, char *action) {
        icalparameter *partstat = NULL;
        char *serialized_reply = NULL;
        char *reply_message_text = NULL;
+       const char *ch;
        struct CtdlMessage *msg = NULL;
        struct recptypes *valid = NULL;
 
@@ -210,22 +211,20 @@ void ical_send_a_reply(icalcomponent *request, char *action) {
                while (attendee = icalcomponent_get_first_property(vevent,
                    ICAL_ATTENDEE_PROPERTY), (attendee != NULL)
                ) {
-                       if (icalproperty_get_attendee(attendee)) {
-                               strcpy(attendee_string,
-                                       icalproperty_get_attendee(attendee) );
-                               if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
-                                       strcpy(attendee_string, &attendee_string[7]);
-                                       striplt(attendee_string);
-                                       recp = validate_recipients(attendee_string, NULL, 0);
-                                       if (recp != NULL) {
-                                               if (!strcasecmp(recp->recp_local, CC->user.fullname)) {
-                                                       if (me_attend) icalproperty_free(me_attend);
-                                                       me_attend = icalproperty_new_clone(attendee);
-                                               }
-                                               free_recipients(recp);
+                       ch = icalproperty_get_attendee(attendee);
+                       if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
+                               safestrncpy(attendee_string, ch + 7, sizeof (attendee_string));
+                               striplt(attendee_string);
+                               recp = validate_recipients(attendee_string, NULL, 0);
+                               if (recp != NULL) {
+                                       if (!strcasecmp(recp->recp_local, CC->user.fullname)) {
+                                               if (me_attend) icalproperty_free(me_attend);
+                                               me_attend = icalproperty_new_clone(attendee);
                                        }
+                                       free_recipients(recp);
                                }
                        }
+
                        /* Remove it... */
                        icalcomponent_remove_property(vevent, attendee);
                        icalproperty_free(attendee);
@@ -540,10 +539,13 @@ STARTOVER:
 
                        /* Check to see if these two attendees match...
                         */
-                       if (!strcasecmp(
-                          icalproperty_get_attendee(e_attendee),
-                          icalproperty_get_attendee(r_attendee)
-                       )) {
+                       const char *e, *r;
+                       e = icalproperty_get_attendee(e_attendee);
+                       r = icalproperty_get_attendee(r_attendee);
+
+                       if ((e != NULL) && 
+                           (r != NULL) && 
+                           !strcasecmp(e, r)) {
                                /* ...and if they do, remove the attendee from the event
                                 * and replace it with the attendee from the reply.  (The
                                 * reply's copy will have the same address, but an updated
@@ -2034,19 +2036,17 @@ void ical_send_out_invitations(icalcomponent *top_level_cal, icalcomponent *cal)
        /* Determine who the recipients of this message are (the attendees) */
        strcpy(attendees_string, "");
        for (attendee = icalcomponent_get_first_property(the_request, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(the_request, ICAL_ATTENDEE_PROPERTY)) {
-               if (icalproperty_get_attendee(attendee)) {
-                       safestrncpy(this_attendee, icalproperty_get_attendee(attendee), sizeof this_attendee);
-                       if (!strncasecmp(this_attendee, "MAILTO:", 7)) {
-                               strcpy(this_attendee, &this_attendee[7]);
-
-                               if (!CtdlIsMe(this_attendee, sizeof this_attendee)) {   /* don't send an invitation to myself! */
-                                       snprintf(&attendees_string[strlen(attendees_string)],
-                                               sizeof(attendees_string) - strlen(attendees_string),
-                                               "%s, ",
-                                               this_attendee
+               const char *ch = icalproperty_get_attendee(attendee);
+               if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
+                       safestrncpy(this_attendee, ch + 7, sizeof(this_attendee));
+                       
+                       if (!CtdlIsMe(this_attendee, sizeof this_attendee)) {   /* don't send an invitation to myself! */
+                               snprintf(&attendees_string[strlen(attendees_string)],
+                                        sizeof(attendees_string) - strlen(attendees_string),
+                                        "%s, ",
+                                        this_attendee
                                        );
-                                       ++num_attendees;
-                               }
+                               ++num_attendees;
                        }
                }
        }
@@ -2501,6 +2501,7 @@ void ical_fixed_output_backend(icalcomponent *cal,
        icalcomponent *c;
        icalproperty *p;
        char buf[256];
+       const char *ch;
 
        p = icalcomponent_get_first_property(cal, ICAL_SUMMARY_PROPERTY);
        if (p != NULL) {
@@ -2519,11 +2520,12 @@ void ical_fixed_output_backend(icalcomponent *cal,
 
        /* If the component has attendees, iterate through them. */
        for (p = icalcomponent_get_first_property(cal, ICAL_ATTENDEE_PROPERTY); (p != NULL); p = icalcomponent_get_next_property(cal, ICAL_ATTENDEE_PROPERTY)) {
-               safestrncpy(buf, icalproperty_get_attendee(p), sizeof buf);
-               if (!strncasecmp(buf, "MAILTO:", 7)) {
+               ch =  icalproperty_get_attendee(p);
+               if ((ch != NULL) && 
+                   !strncasecmp(ch, "MAILTO:", 7)) {
 
                        /* screen name or email address */
-                       strcpy(buf, &buf[7]);
+                       safestrncpy(buf, ch + 7, sizeof(buf));
                        striplt(buf);
                        cprintf("%s ", buf);
                }

diff --git a/webcit/availability.c b/webcit/availability.c
index 00ee0ac712d8cf4e63174dffb3f18ce818683b47..d6949b6d6502424b84fc033b1812a359a6780737 100644 (file)
--- a/webcit/availability.c
+++ b/webcit/availability.c
@@ -211,6 +211,7 @@ void check_attendee_availability(icalcomponent *vevent) {
        char attendee_string[SIZ];
        char annotated_attendee_string[SIZ];
        char annotation[SIZ];
+       const char *ch;
 
        if (vevent == NULL) {
                return;
@@ -250,12 +251,11 @@ void check_attendee_availability(icalcomponent *vevent) {
        for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY);
            attendee != NULL;
            attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-
-               strcpy(attendee_string, icalproperty_get_attendee(attendee));
-               if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
+               ch = icalproperty_get_attendee(attendee);
+               if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
 
                        /** screen name or email address */
-                       strcpy(attendee_string, &attendee_string[7]);
+                       safestrncpy(attendee_string, ch + 7, sizeof(attendee_string));
                        striplt(attendee_string);
 
                        check_individual_attendee(attendee_string,

diff --git a/webcit/calendar.c b/webcit/calendar.c
index 9211b2bc05609d121740f44aaf1164ceb50ea1a9..7ddd3539174f37cd525d27846a08a3ce2269ff41 100644 (file)
--- a/webcit/calendar.c
+++ b/webcit/calendar.c
@@ -50,6 +50,7 @@ void cal_process_object(StrBuf *Target,
        int is_update = 0;
        char divname[32];
        static int divcount = 0;
+       const char *ch;
 
        sprintf(divname, "rsvp%04x", ++divcount);
 
@@ -184,11 +185,11 @@ void cal_process_object(StrBuf *Target,
                StrBufAppendPrintf(Target, "<dt>");
                StrBufAppendPrintf(Target, _("Attendee:"));
                StrBufAppendPrintf(Target, "</dt><dd>");
-               safestrncpy(buf, icalproperty_get_attendee(p), sizeof buf);
-               if (!strncasecmp(buf, "MAILTO:", 7)) {
+               ch = icalproperty_get_attendee(p);
+               if ((ch != NULL) && !strncasecmp(buf, "MAILTO:", 7)) {
 
                        /** screen name or email address */
-                       strcpy(buf, &buf[7]);
+                       safestrncpy(buf, ch + 7, sizeof(buf));
                        striplt(buf);
                        StrEscAppend(Target, NULL, buf, 0, 0);
                        StrBufAppendPrintf(Target, " ");

diff --git a/webcit/event.c b/webcit/event.c
index 61f664da9ca6699899f5be96de5c7e8437c2a761..4b34b3126baf8f22e32664df2e80acbf67ea5d88 100644 (file)
--- a/webcit/event.c
+++ b/webcit/event.c
@@ -67,7 +67,7 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum,
        int which_rrend_is_preselected;
        int which_rryeartype_is_preselected;
 
-
+       const char *ch;
        char *tabnames[3];
        const char *frequency_units[8];
        const char *ordinals[6];
@@ -467,11 +467,12 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum,
        for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY);
            attendee != NULL;
            attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-               strcpy(attendee_string, icalproperty_get_attendee(attendee));
-               if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
+
+               ch = icalproperty_get_attendee(attendee);
+               if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
 
                        /* screen name or email address */
-                       strcpy(attendee_string, &attendee_string[7]);
+                       safestrncpy(attendee_string, ch + 7, sizeof(attendee_string));
                        striplt(attendee_string);
                        if (i++) wc_printf("\n");
                        escputs(attendee_string);
@@ -811,6 +812,7 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr
        char organizer_string[SIZ];
        int sequence = 0;
        enum icalproperty_transp formtransp = ICAL_TRANSP_NONE;
+       const char *ch;
 
        if (supplied_vevent != NULL) {
                vevent = supplied_vevent;
@@ -1105,15 +1107,15 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr
                                foundit = 0;
 
                                for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-                                       if (!strcasecmp(attendee_string,
-                                          icalproperty_get_attendee(attendee)))
+                                       ch = icalproperty_get_attendee(attendee);
+                                       if ((ch != NULL) && !strcasecmp(attendee_string, ch))
                                                ++foundit;
                                }
 
 
                                if (foundit == 0) {
                                        icalcomponent_add_property(vevent,
-                                               icalproperty_new_attendee(attendee_string)
+                                                                  icalproperty_new_attendee(attendee_string)
                                        );
                                }
                        }
@@ -1123,9 +1125,9 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr
                 * Remove any attendees *not* listed in the web form
                 */
 STARTOVER:     for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) {
-                       strcpy(attendee_string, icalproperty_get_attendee(attendee));
-                       if (!strncasecmp(attendee_string, "MAILTO:", 7)) {
-                               strcpy(attendee_string, &attendee_string[7]);
+                       ch = icalproperty_get_attendee(attendee);
+                       if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) {
+                               safestrncpy(attendee_string, ch + 7, sizeof(attendee_string));
                                striplt(attendee_string);
                                foundit = 0;
                                for (i=0; i<num_tokens(form_attendees, '\n'); ++i) {