From 45b7871a7d3e622d22e2d04ecddd9950c863f228 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Wilfried=20G=C3=B6esgens?= Date: Tue, 1 Sep 2009 15:38:50 +0000 Subject: [PATCH] * fix a buffer overrun in case of bad strings in vcards. --- webcit/debian/rules | 2 +- webcit/decode.c | 31 ++++++++++++++++--------------- webcit/vcard_edit.c | 2 +- webcit/webcit.h | 2 +- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/webcit/debian/rules b/webcit/debian/rules index 0a62396a7..a414b89bb 100755 --- a/webcit/debian/rules +++ b/webcit/debian/rules @@ -24,7 +24,7 @@ ifneq (,$(findstring profiling,$(DEB_BUILD_OPTIONS))) LDFLAGS += -pg endif ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -ggdb -rdynamic -MD -MP -D TECH_PREVIEW -pedantic + CFLAGS += -O0 -ggdb -rdynamic -MD -MP -D TECH_PREVIEW -pedantic -Wformat-nonliteral EXTRA_ARGS = --with-backtrace else CFLAGS += -O2 diff --git a/webcit/decode.c b/webcit/decode.c index 267e85982..c702fdfa3 100644 --- a/webcit/decode.c +++ b/webcit/decode.c @@ -48,7 +48,7 @@ inline char *FindNextEnd (char *bptr) * Handle subjects with RFC2047 encoding such as: * =?koi8-r?B?78bP0s3Mxc7JxSDXz9rE1dvO2c3JINvB0sHNySDP?= */ -void utf8ify_rfc822_string(char *buf) { +void utf8ify_rfc822_string(char **buf) { char *start, *end, *next, *nextend, *ptr; char newbuf[1024]; char charset[128]; @@ -71,9 +71,9 @@ void utf8ify_rfc822_string(char *buf) { * handle it anyway by converting from a user-specified default * charset to UTF-8 if we see any nonprintable characters. */ - len = strlen(buf); + len = strlen(*buf); for (i=0; i 126)) { + if (((*buf)[i] < 32) || ((*buf)[i] > 126)) { illegal_non_rfc2047_encoding = 1; i = len; /*< take a shortcut, it won't be more than one. */ } 
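Review bot: `-Wformat-nonliteral` on the debug `CFLAGS +=` line only takes effect when `-Wformat` is also enabled, and neither `-Wformat` nor `-Wall` appears on this line. If the flags set earlier in the file (outside this hunk) do not already include one of them, the tail of the line should read `-pedantic -Wformat -Wformat-nonliteral`. The flag is also added only in the `debug` branch, so the default `-O2` build visible in the `else` arm gets no format-string checking from this change.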
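Review bot: The comment above `utf8ify_rfc822_string` still describes only the RFC2047 handling, while the new `char **buf` signature changes the ownership contract: a later hunk calls `free(*buf)` and stores a new pointer in `*buf`. I would add a line to that comment such as `* *buf must point to a malloc()ed string; it may be freed and replaced by a new buffer that the caller then owns.` Compilers commonly only warn when a `char *` is passed where a `char **` is expected, so any call site not touched by this commit (only vcard_edit.c is updated) would still build and then corrupt memory; it is worth checking for other callers. The function body continues beyond this hunk.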
@@ -87,15 +87,15 @@ void utf8ify_rfc822_string(char *buf) { if (ic != (iconv_t)(-1) ) { ibuf = malloc(1024); isav = ibuf; - safestrncpy(ibuf, buf, 1024); + safestrncpy(ibuf, *buf, 1023); ibuflen = strlen(ibuf); obuflen = 1024; obuf = (char *) malloc(obuflen); osav = obuf; iconv(ic, &ibuf, &ibuflen, &obuf, &obuflen); - osav[1024-obuflen] = 0; - strcpy(buf, osav); - free(osav); + osav[1023-obuflen] = 0; + free(*buf); + *buf = osav; iconv_close(ic); free(isav); } @@ -104,8 +104,8 @@ void utf8ify_rfc822_string(char *buf) { /* pre evaluate the first pair */ nextend = end = NULL; - len = strlen(buf); - start = strstr(buf, "=?"); + len = strlen(*buf); + start = strstr(*buf, "=?"); if (start != NULL) end = FindNextEnd (start); @@ -138,7 +138,7 @@ void utf8ify_rfc822_string(char *buf) { /* now terminate the gab at the end */ delta = (next - end) - 2; len -= delta; - buf[len] = '\0'; + (*buf)[len] = '\0'; /* move next to its new location. */ next -= delta; @@ -153,7 +153,7 @@ void utf8ify_rfc822_string(char *buf) { /* Now we handle foreign character sets properly encoded * in RFC2047 format. */ - while (start=strstr(buf, "=?"), end=FindNextEnd((start != NULL)? start : buf), + while (start=strstr((*buf), "=?"), end=FindNextEnd((start != NULL)? start : (*buf)), ((start != NULL) && (end != NULL) && (end > start)) ) { extract_token(charset, start, 1, '?', sizeof charset); @@ -201,8 +201,9 @@ void utf8ify_rfc822_string(char *buf) { remove_token(end, 0, '?'); strcpy(end, &end[1]); - snprintf(newbuf, sizeof newbuf, "%s%s%s", buf, osav, end); - strcpy(buf, newbuf); + snprintf(newbuf, sizeof newbuf, "%s%s%s", *buf, osav, end); + strcpy(*buf, newbuf); + free(osav); iconv_close(ic); } @@ -216,8 +217,8 @@ void utf8ify_rfc822_string(char *buf) { remove_token(end, 0, '?'); strcpy(end, &end[1]); - snprintf(newbuf, sizeof newbuf, "%s(unreadable)%s", buf, end); - strcpy(buf, newbuf); + snprintf(newbuf, sizeof newbuf, "%s(unreadable)%s", *buf, end); + strcpy(*buf, newbuf); } free(isav); 
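Review bot: The new terminator `osav[1023-obuflen] = 0;` lands one byte too early, because `obuflen` is still initialised to 1024 a few lines above. After `iconv()` the number of bytes written is `1024-obuflen`, so this index overwrites the last converted byte and points before the start of `osav` when `iconv()` converts nothing, for instance when it fails on the first input byte. Reserving the terminator byte up front keeps the index in range: `obuflen = 1023;` together with the existing `osav[1023-obuflen] = 0;`. The return values of both `malloc()` calls and of `iconv()` are not checked in this hunk, so a NULL allocation is dereferenced and a failed conversion is handed back to the caller as if it had succeeded. The enclosing function starts and ends outside this hunk.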
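Review bot: `strcpy(*buf, newbuf)` in the -201,8 hunk still copies up to 1023 bytes into whatever allocation `*buf` points to, and `*buf` is only swapped for a 1024-byte buffer in the earlier non-RFC2047 branch. For a pure-ASCII input containing `=?...?=` words, `*buf` is presumably still the caller's original allocation here, and the decoded UTF-8 text can be longer than the encoded word, so the overrun this commit targets appears to remain reachable on this path. The same applies to the `(unreadable)` branch in the following hunk (-216,8), where the 12-byte placeholder can be longer than the token it replaces. One option is to hand over a fresh allocation as the first branch does, `free(*buf); *buf = strdup(newbuf);` with a NULL check, provided nothing after that point still holds a pointer into the old buffer. The `snprintf` into the 1024-byte `newbuf` also truncates long values silently, which may deserve at least a log line.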
diff --git a/webcit/vcard_edit.c b/webcit/vcard_edit.c index 1f44dd862..860ae1a93 100644 --- a/webcit/vcard_edit.c +++ b/webcit/vcard_edit.c @@ -348,7 +348,7 @@ void display_parsed_vcard(StrBuf *Target, struct vCard *v, int full, long msgnum len = strlen(v->prop[i].value); /* if we have some untagged QP, detect it here. */ if (!is_qp && (strstr(v->prop[i].value, "=?")!=NULL)) - utf8ify_rfc822_string(v->prop[i].value); + utf8ify_rfc822_string(&v->prop[i].value); if (is_qp) { // %ff can become 6 bytes in utf8 diff --git a/webcit/webcit.h b/webcit/webcit.h index 6815c817f..7e1e7e0f3 100644 --- a/webcit/webcit.h +++ b/webcit/webcit.h @@ -821,7 +821,7 @@ int client_read_sslbuffer(StrBuf *buf, int timeout); void client_write_ssl(const StrBuf *Buf); #endif -void utf8ify_rfc822_string(char *buf); +void utf8ify_rfc822_string(char **buf); void begin_burst(void); long end_burst(void); -- 2.30.2
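Review bot: `len = strlen(v->prop[i].value);` is computed just before the call that can now free `v->prop[i].value` and replace it with a string of a different length, so `len` is stale on the `!is_qp` path afterwards. If `len` is used after this point (the rest of the loop body is outside the hunk), recompute it after the call, for example by moving `len = strlen(v->prop[i].value);` below the `utf8ify_rfc822_string(&v->prop[i].value);` line. The call also assumes `value` was allocated with `malloc()` and is later released with `free()`; that is not visible here and is worth confirming against the vCard parser.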