From 7e6ecf64e51b1b9377e701c7380a038360e1ac8c Mon Sep 17 00:00:00 2001 From: Wilfried Goesgens Date: Thu, 5 May 2011 21:14:25 +0000 Subject: [PATCH] fix possible crashes of not NULL-checking the result of icalproperty_get_attendee() --- citadel/modules/calendar/serv_calendar.c | 66 ++++++++++++------------ webcit/availability.c | 8 +-- webcit/calendar.c | 7 +-- webcit/event.c | 21 ++++---- 4 files changed, 53 insertions(+), 49 deletions(-) diff --git a/citadel/modules/calendar/serv_calendar.c b/citadel/modules/calendar/serv_calendar.c index cf448a057..f51e427d2 100644 --- a/citadel/modules/calendar/serv_calendar.c +++ b/citadel/modules/calendar/serv_calendar.c @@ -179,6 +179,7 @@ void ical_send_a_reply(icalcomponent *request, char *action) { icalparameter *partstat = NULL; char *serialized_reply = NULL; char *reply_message_text = NULL; + const char *ch; struct CtdlMessage *msg = NULL; struct recptypes *valid = NULL; @@ -208,22 +209,20 @@ void ical_send_a_reply(icalcomponent *request, char *action) { while (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY), (attendee != NULL) ) { - if (icalproperty_get_attendee(attendee)) { - strcpy(attendee_string, - icalproperty_get_attendee(attendee) ); - if (!strncasecmp(attendee_string, "MAILTO:", 7)) { - strcpy(attendee_string, &attendee_string[7]); - striplt(attendee_string); - recp = validate_recipients(attendee_string, NULL, 0); - if (recp != NULL) { - if (!strcasecmp(recp->recp_local, CC->user.fullname)) { - if (me_attend) icalproperty_free(me_attend); - me_attend = icalproperty_new_clone(attendee); - } - free_recipients(recp); + ch = icalproperty_get_attendee(attendee); + if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) { + safestrncpy(attendee_string, ch + 7, sizeof (attendee_string)); + striplt(attendee_string); + recp = validate_recipients(attendee_string, NULL, 0); + if (recp != NULL) { + if (!strcasecmp(recp->recp_local, CC->user.fullname)) { + if (me_attend) icalproperty_free(me_attend); + me_attend = icalproperty_new_clone(attendee); } + free_recipients(recp); } } + /* Remove it... */ icalcomponent_remove_property(vevent, attendee); icalproperty_free(attendee); @@ -538,10 +537,13 @@ STARTOVER: /* Check to see if these two attendees match... */ - if (!strcasecmp( - icalproperty_get_attendee(e_attendee), - icalproperty_get_attendee(r_attendee) - )) { + const char *e, *r; + e = icalproperty_get_attendee(e_attendee); + r = icalproperty_get_attendee(r_attendee); + + if ((e != NULL) && + (r != NULL) && + !strcasecmp(e, r)) { /* ...and if they do, remove the attendee from the event * and replace it with the attendee from the reply. (The * reply's copy will have the same address, but an updated @@ -2032,19 +2034,17 @@ void ical_send_out_invitations(icalcomponent *top_level_cal, icalcomponent *cal) /* Determine who the recipients of this message are (the attendees) */ strcpy(attendees_string, ""); for (attendee = icalcomponent_get_first_property(the_request, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(the_request, ICAL_ATTENDEE_PROPERTY)) { - if (icalproperty_get_attendee(attendee)) { - safestrncpy(this_attendee, icalproperty_get_attendee(attendee), sizeof this_attendee); - if (!strncasecmp(this_attendee, "MAILTO:", 7)) { - strcpy(this_attendee, &this_attendee[7]); - - if (!CtdlIsMe(this_attendee, sizeof this_attendee)) { /* don't send an invitation to myself! */ - snprintf(&attendees_string[strlen(attendees_string)], - sizeof(attendees_string) - strlen(attendees_string), - "%s, ", - this_attendee + const char *ch = icalproperty_get_attendee(attendee); + if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) { + safestrncpy(this_attendee, ch + 7, sizeof(this_attendee)); + + if (!CtdlIsMe(this_attendee, sizeof this_attendee)) { /* don't send an invitation to myself! */ + snprintf(&attendees_string[strlen(attendees_string)], + sizeof(attendees_string) - strlen(attendees_string), + "%s, ", + this_attendee ); - ++num_attendees; - } + ++num_attendees; } } } @@ -2499,6 +2499,7 @@ void ical_fixed_output_backend(icalcomponent *cal, icalcomponent *c; icalproperty *p; char buf[256]; + const char *ch; p = icalcomponent_get_first_property(cal, ICAL_SUMMARY_PROPERTY); if (p != NULL) { @@ -2517,11 +2518,12 @@ void ical_fixed_output_backend(icalcomponent *cal, /* If the component has attendees, iterate through them. */ for (p = icalcomponent_get_first_property(cal, ICAL_ATTENDEE_PROPERTY); (p != NULL); p = icalcomponent_get_next_property(cal, ICAL_ATTENDEE_PROPERTY)) { - safestrncpy(buf, icalproperty_get_attendee(p), sizeof buf); - if (!strncasecmp(buf, "MAILTO:", 7)) { + ch = icalproperty_get_attendee(p); + if ((ch != NULL) && + !strncasecmp(ch, "MAILTO:", 7)) { /* screen name or email address */ - strcpy(buf, &buf[7]); + safestrncpy(buf, ch + 7, sizeof(buf)); striplt(buf); cprintf("%s ", buf); } diff --git a/webcit/availability.c b/webcit/availability.c index 027352679..3d49f1f55 100644 --- a/webcit/availability.c +++ b/webcit/availability.c @@ -209,6 +209,7 @@ void check_attendee_availability(icalcomponent *vevent) { char attendee_string[SIZ]; char annotated_attendee_string[SIZ]; char annotation[SIZ]; + const char *ch; if (vevent == NULL) { return; @@ -248,12 +249,11 @@ void check_attendee_availability(icalcomponent *vevent) { for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) { - - strcpy(attendee_string, icalproperty_get_attendee(attendee)); - if (!strncasecmp(attendee_string, "MAILTO:", 7)) { + ch = icalproperty_get_attendee(attendee); + if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) { /** screen name or email address */ - strcpy(attendee_string, &attendee_string[7]); + safestrncpy(attendee_string, ch + 7, sizeof(attendee_string)); striplt(attendee_string); check_individual_attendee(attendee_string, diff --git a/webcit/calendar.c b/webcit/calendar.c index 6861a6a89..98fc8260c 100644 --- a/webcit/calendar.c +++ b/webcit/calendar.c @@ -48,6 +48,7 @@ void cal_process_object(StrBuf *Target, int is_update = 0; char divname[32]; static int divcount = 0; + const char *ch; sprintf(divname, "rsvp%04x", ++divcount); @@ -182,11 +183,11 @@ void cal_process_object(StrBuf *Target, StrBufAppendPrintf(Target, "
"); StrBufAppendPrintf(Target, _("Attendee:")); StrBufAppendPrintf(Target, "
"); - safestrncpy(buf, icalproperty_get_attendee(p), sizeof buf); - if (!strncasecmp(buf, "MAILTO:", 7)) { + ch = icalproperty_get_attendee(p); + if ((ch != NULL) && !strncasecmp(buf, "MAILTO:", 7)) { /** screen name or email address */ - strcpy(buf, &buf[7]); + safestrncpy(buf, ch + 7, sizeof(buf)); striplt(buf); StrEscAppend(Target, NULL, buf, 0, 0); StrBufAppendPrintf(Target, " "); diff --git a/webcit/event.c b/webcit/event.c index 1d7354077..a7107bde7 100644 --- a/webcit/event.c +++ b/webcit/event.c @@ -65,7 +65,7 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum, int which_rrend_is_preselected; int which_rryeartype_is_preselected; - + const char *ch; char *tabnames[3]; const char *frequency_units[8]; const char *ordinals[6]; @@ -463,11 +463,11 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum, for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) { - strcpy(attendee_string, icalproperty_get_attendee(attendee)); - if (!strncasecmp(attendee_string, "mailto:", 7)) { + ch = icalproperty_get_attendee(attendee); + if ((ch != NULL) && !strncasecmp(ch, "mailto:", 7)) { /* screen name or email address */ - strcpy(attendee_string, &attendee_string[7]); + safestrncpy(attendee_string, ch + 7, sizeof(attendee_string)); striplt(attendee_string); if (i++) wc_printf("\n"); escputs(attendee_string); @@ -805,6 +805,7 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr char organizer_string[SIZ]; int sequence = 0; enum icalproperty_transp formtransp = ICAL_TRANSP_NONE; + const char *ch; if (supplied_vevent != NULL) { vevent = supplied_vevent; @@ -1099,15 +1100,15 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr foundit = 0; for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) { - if (!strcasecmp(attendee_string, - icalproperty_get_attendee(attendee))) + ch = icalproperty_get_attendee(attendee); + if ((ch != NULL) && !strcasecmp(attendee_string, ch)) ++foundit; } if (foundit == 0) { icalcomponent_add_property(vevent, - icalproperty_new_attendee(attendee_string) + icalproperty_new_attendee(attendee_string) ); } } @@ -1117,9 +1118,9 @@ void save_individual_event(icalcomponent *supplied_vevent, long msgnum, char *fr * Remove any attendees *not* listed in the web form */ STARTOVER: for (attendee = icalcomponent_get_first_property(vevent, ICAL_ATTENDEE_PROPERTY); attendee != NULL; attendee = icalcomponent_get_next_property(vevent, ICAL_ATTENDEE_PROPERTY)) { - strcpy(attendee_string, icalproperty_get_attendee(attendee)); - if (!strncasecmp(attendee_string, "MAILTO:", 7)) { - strcpy(attendee_string, &attendee_string[7]); + ch = icalproperty_get_attendee(attendee); + if ((ch != NULL) && !strncasecmp(ch, "MAILTO:", 7)) { + safestrncpy(attendee_string, ch + 7, sizeof(attendee_string)); striplt(attendee_string); foundit = 0; for (i=0; i