X-Git-Url: http://git.maemo.org/git/?a=blobdiff_plain;f=src%2Fmodest-text-utils.c;h=8161ae525541d813301f9a4f68198387bb4cbf85;hb=63951a450b16e144c215ecbac88c37c80dd823a0;hp=7032d07497d9f6c65061a00931eacefc3ecf6141;hpb=4e20c90f5906916473d0720917f436f570ebb556;p=modest
diff --git a/src/modest-text-utils.c b/src/modest-text-utils.c
index 7032d07..8161ae5 100644
--- a/src/modest-text-utils.c
+++ b/src/modest-text-utils.c
@@ -454,7 +454,7 @@ modest_text_utils_convert_buffer_to_html_start (GString *html, const gchar *data
 guchar kar = data[i];
 if (space_seen && kar != ' ') {
- g_string_append (html, " ");
+ g_string_append (html, " ");
 space_seen = FALSE;
 }
@@ -491,7 +491,6 @@ modest_text_utils_convert_buffer_to_html_start (GString *html, const gchar *data
 break_dist = 0;
 if (space_seen) { /* second space in a row */
 g_string_append (html, "  ");
- space_seen = FALSE;
 } else
 space_seen = TRUE;
 break;
@@ -2010,16 +2009,35 @@ modest_text_utils_remove_duplicate_addresses_list (GSList *address_list)
 }
 gchar *
-modest_text_utils_get_secure_header (gchar *value,
+modest_text_utils_get_secure_header (const gchar *value,
 const gchar *header)
 {
- gchar *new_value = value;
+ const gint max_len = 128;
+ gchar *new_value = NULL;
 gchar *needle = g_strrstr (value, header);
- if (needle) {
- gchar *tmp = value;
+ if (needle && value != needle)
 new_value = g_strdup (needle + strlen (header));
- g_free (tmp);
+
+ if (!new_value)
+ new_value = g_strdup (value);
+
+ /* Do a max length check to prevent DoS attacks caused by huge
+ malformed headers */
+ if (g_utf8_validate (new_value, -1, NULL)) {
+ if (g_utf8_strlen (new_value, -1) > max_len) {
+ gchar *tmp = g_malloc0 (max_len * 4);
+ g_utf8_strncpy (tmp, (const gchar *) new_value, max_len);
+ g_free (new_value);
+ new_value = tmp;
+ }
+ } else {
+ if (strlen (new_value) > max_len) {
+ gchar *tmp = g_malloc0 (max_len);
+ strncpy (new_value, tmp, max_len);
+ g_free (new_value);
+ new_value = tmp;
+ }
 }
 return new_value;
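Review bot: In the non-UTF-8 branch of modest_text_utils_get_secure_header, `strncpy (new_value, tmp, max_len)` has its destination and source swapped, so the zero-filled `tmp` is copied over the header and any over-long non-UTF-8 value comes back as an empty string. Even with the arguments in order, `g_malloc0 (max_len)` would leave no room for a terminator, so the allocation and copy are better replaced by `gchar *tmp = g_strndup (new_value, max_len);`. In the UTF-8 branch, `g_utf8_strncpy` writes a NUL after the copied characters, so 128 four-byte characters need 513 bytes and `g_malloc0 (max_len * 4)` is one byte short; it should be `g_malloc0 (max_len * 4 + 1)`. The function also now returns a fresh copy and no longer frees `value`, so callers (not visible here) presumably need to free both. The function's closing brace lies outside the hunk.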