X-Git-Url: http://git.maemo.org/git/?p=modest;a=blobdiff_plain;f=src%2Fmodest-tny-msg.c;h=90fa27ec89b73790d0275830eab38026f249332d;hp=3c17ced914df36bf80bc391c7210a5de408bf3d3;hb=b51a8d716cce846c1c6086aaffbebb4ebd36a256;hpb=ad35bb9cb28319c235ca94b707c09f087409f783

diff --git a/src/modest-tny-msg.c b/src/modest-tny-msg.c
index 3c17ced..90fa27e 100644
--- a/src/modest-tny-msg.c
+++ b/src/modest-tny-msg.c
@@ -383,7 +383,7 @@ add_images (TnyMsg *msg, GList *images_list, GError **err)
 
 		while (!tny_iterator_is_done (iter)) {
 			TnyMimePart *part = TNY_MIME_PART (tny_iterator_get_current (iter));
-			if (part && !g_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) {
+			if (part && !g_ascii_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) {
 				related_part = part;
 				break;
 			}
@@ -961,6 +961,8 @@ static gchar*
 get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	    ModestTnyMsgReplyMode reply_mode)
 {
+	const gchar *reply_header = "Reply-To:";
+	const gchar *from_header = "From:";
 	gchar* old_reply_to;
 	gchar* old_from;
 	gchar* new_to;
@@ -981,13 +983,25 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg), 
 							      "Reply-To"); 
 	old_from     = tny_header_dup_from (header);
-	
+
 	if (!old_from && !old_reply_to) {
 		g_debug ("%s: failed to get either Reply-To: or From: from header",
 			   __FUNCTION__);
 		return NULL;
 	}
-	
+
+	/* Prevent DoS attacks caused by malformed emails */
+	if (old_from) {
+		gchar *tmp = old_from;
+		old_from = modest_text_utils_get_secure_header ((const gchar *) tmp, from_header);
+		g_free (tmp);
+	}
+	if (old_reply_to) {
+		gchar *tmp = old_reply_to;
+		old_reply_to = modest_text_utils_get_secure_header ((const gchar *) tmp, reply_header);
+		g_free (tmp);
+	}
+
 	/* for mailing lists, use both Reply-To and From if we did a
 	 * 'Reply All:'
 	 * */
@@ -1100,13 +1114,13 @@ modest_tny_msg_get_references (TnyMsg *msg, gchar **message_id, gchar **referenc
 
 		pair = TNY_PAIR (tny_iterator_get_current (iterator));
 		name = tny_pair_get_name (pair);
-		if (!g_strcasecmp (name, "References")) {
+		if (!g_ascii_strcasecmp (name, "References")) {
 			if (l_references) g_free (l_references);
 			l_references = g_strdup (tny_pair_get_value (pair));
-		} else if (!g_strcasecmp (name, "In-Reply-To")) {
+		} else if (!g_ascii_strcasecmp (name, "In-Reply-To")) {
 			if (l_in_reply_to) g_free (l_in_reply_to);
 			l_in_reply_to = g_strdup (tny_pair_get_value (pair));
-		} else if (!g_strcasecmp (name, "Message-ID")) {
+		} else if (!g_ascii_strcasecmp (name, "Message-ID")) {
 			if (l_message_id) g_free (l_message_id);
 			l_message_id = g_strdup (tny_pair_get_value (pair));
 		}
@@ -1359,6 +1373,15 @@ modest_tny_msg_header_get_all_recipients_list (TnyHeader *header)
 	recipients = modest_text_utils_split_addresses_list (after_remove);
 	g_free (after_remove);
 
+	if (from)
+		g_free (from);
+	if (to)
+		g_free (to);
+	if (cc)
+		g_free (cc);
+	if (bcc)
+		g_free (bcc);
+
 	return recipients;
 }