X-Git-Url: http://git.maemo.org/git/?p=modest;a=blobdiff_plain;f=src%2Fmodest-text-utils.c;h=5b7c0bdda4987c18889e1e02416c75c9c4bcc023;hp=99c4bf61c492c6b6832011a838d16b87bbe71111;hb=4bff54e275785cc7e7f2edd32ac17f8771d104ac;hpb=5f595ed317f7b7c135d411d58c5544fc9fb3dd46

diff --git a/src/modest-text-utils.c b/src/modest-text-utils.c
index 99c4bf6..5b7c0bd 100644
--- a/src/modest-text-utils.c
+++ b/src/modest-text-utils.c
@@ -1938,6 +1938,7 @@ modest_text_utils_simplify_recipients (const gchar *recipients)
 	for (node = addresses; node != NULL; node = g_slist_next (node)) {
 		const gchar *address = (const gchar *) node->data;
 		gchar *left_limit, *right_limit;
+
 		left_limit = strstr (address, "<");
 		right_limit = g_strrstr (address, ">");
 
@@ -2007,3 +2008,38 @@ modest_text_utils_remove_duplicate_addresses_list (GSList *address_list)
 
 	return new_list;
 }
+
+gchar *
+modest_text_utils_get_secure_header (const gchar *value,
+				     const gchar *header)
+{
+	const gint max_len = 128;
+	gchar *new_value = NULL;
+	gchar *needle = g_strrstr (value, header);
+
+	if (needle && value != needle)
+		new_value = g_strdup (needle + strlen (header));
+
+	if (!new_value)
+		new_value = g_strdup (value);
+
+	/* Do a max length check to prevent DoS attacks caused by huge
+	   malformed headers */
+	if (g_utf8_validate (new_value, -1, NULL)) {
+		if (g_utf8_strlen (new_value, -1) > max_len) {
+			gchar *tmp = g_malloc0 (max_len * 4);
+			g_utf8_strncpy (tmp, (const gchar *) new_value, max_len);
+			g_free (new_value);
+			new_value = tmp;
+		}
+	} else {
+		if (strlen (new_value) > max_len) {
+			gchar *tmp = g_malloc0 (max_len);
+			strncpy (new_value, tmp, max_len);
+			g_free (new_value);
+			new_value = tmp;
+		}
+	}
+
+	return new_value;
+}