get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
ModestTnyMsgReplyMode reply_mode)
{
+ const gchar *reply_header = "Reply-To:";
+ const gchar *from_header = "From:";
gchar* old_reply_to;
gchar* old_from;
gchar* new_to;
old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg),
"Reply-To");
old_from = tny_header_dup_from (header);
-
+
if (!old_from && !old_reply_to) {
g_debug ("%s: failed to get either Reply-To: or From: from header",
__FUNCTION__);
return NULL;
}
-
+
+ /* Prevent DoS attacks caused by malformed emails */
+ if (old_from) {
+ gchar *tmp = old_from;
+ old_from = modest_text_utils_get_secure_header ((const gchar *) tmp, from_header);
+ g_free (tmp);
+ }
+ if (old_reply_to) {
+ gchar *tmp = old_reply_to;
+ old_reply_to = modest_text_utils_get_secure_header ((const gchar *) tmp, reply_header);
+ g_free (tmp);
+ }
+
/* for mailing lists, use both Reply-To and From if we did a
* 'Reply All:'
* */
recipients = modest_text_utils_split_addresses_list (after_remove);
g_free (after_remove);
+ if (from)
+ g_free (from);
+ if (to)
+ g_free (to);
+ if (cc)
+ g_free (cc);
+ if (bcc)
+ g_free (bcc);
+
return recipients;
}
projects / modest / blobdiff