X-Git-Url: http://git.maemo.org/git/?p=modest;a=blobdiff_plain;f=src%2Fmodest-tny-msg.c;h=90fa27ec89b73790d0275830eab38026f249332d;hp=78b4b75ccd64006b95578ff443cfa51947c9b1ec;hb=30eec4a53fa8e90ee9a26b202f5bffb28315b65d;hpb=4d39841513a3a7f7aa9d38ab97cb9fcc9171e80b

diff --git a/src/modest-tny-msg.c b/src/modest-tny-msg.c
index 78b4b75..90fa27e 100644
--- a/src/modest-tny-msg.c
+++ b/src/modest-tny-msg.c
@@ -334,8 +334,8 @@ add_attachments (TnyMimePart *part, GList *attachments_list, gboolean add_inline
 
 		old_attachment = pos->data;
 		if (!tny_mime_part_is_purged (old_attachment)) {
-			const gchar *old_cid;
-			old_cid = tny_mime_part_get_content_id (old_attachment);
+			gchar *old_cid;
+			old_cid = g_strdup (tny_mime_part_get_content_id (old_attachment));
 			attachment_part = copy_mime_part (old_attachment, err);
 			if (attachment_part != NULL) {
 				if (add_inline) {
@@ -359,6 +359,7 @@ add_attachments (TnyMimePart *part, GList *attachments_list, gboolean add_inline
 					tny_mime_part_set_content_id (attachment_part, old_cid);
 				g_object_unref (attachment_part);
 			}
+			g_free (old_cid);
 		}
 	}
 	return attached;
@@ -382,7 +383,7 @@ add_images (TnyMsg *msg, GList *images_list, GError **err)
 
 		while (!tny_iterator_is_done (iter)) {
 			TnyMimePart *part = TNY_MIME_PART (tny_iterator_get_current (iter));
-			if (part && !g_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) {
+			if (part && !g_ascii_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) {
 				related_part = part;
 				break;
 			}
@@ -920,6 +921,38 @@ count_addresses (const gchar* addresses)
 	return count;
 }
 
+static void
+remove_undisclosed_recipients (gchar **recipients)
+{
+	GSList *addresses, *node;
+	gboolean is_first;
+	GString *result;
+
+	g_return_if_fail (recipients);
+	addresses = modest_text_utils_split_addresses_list (*recipients);
+
+	is_first = TRUE;
+	result = g_string_new ("");
+	for (node = addresses; node != NULL; node = g_slist_next (node)) {
+		const gchar *address = (const gchar *) node->data;
+
+		if (address && strstr (address, "undisclosed-recipients"))
+			continue;
+
+		if (is_first)
+			is_first = FALSE;
+		else
+			result = g_string_append (result, ", ");
+
+		result = g_string_append (result, address);
+	}
+	g_slist_foreach (addresses, (GFunc)g_free, NULL);
+	g_slist_free (addresses);
+
+	g_free (*recipients);
+	*recipients = g_string_free (result, FALSE);
+}
+
 
 /* get the new To:, based on the old header,
  * result is newly allocated or NULL in case of error
@@ -928,6 +961,8 @@ static gchar*
 get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	    ModestTnyMsgReplyMode reply_mode)
 {
+	const gchar *reply_header = "Reply-To:";
+	const gchar *from_header = "From:";
 	gchar* old_reply_to;
 	gchar* old_from;
 	gchar* new_to;
@@ -948,13 +983,25 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg), 
 							      "Reply-To"); 
 	old_from     = tny_header_dup_from (header);
-	
+
 	if (!old_from && !old_reply_to) {
 		g_debug ("%s: failed to get either Reply-To: or From: from header",
 			   __FUNCTION__);
 		return NULL;
 	}
-	
+
+	/* Prevent DoS attacks caused by malformed emails */
+	if (old_from) {
+		gchar *tmp = old_from;
+		old_from = modest_text_utils_get_secure_header ((const gchar *) tmp, from_header);
+		g_free (tmp);
+	}
+	if (old_reply_to) {
+		gchar *tmp = old_reply_to;
+		old_reply_to = modest_text_utils_get_secure_header ((const gchar *) tmp, reply_header);
+		g_free (tmp);
+	}
+
 	/* for mailing lists, use both Reply-To and From if we did a
 	 * 'Reply All:'
 	 * */
@@ -996,6 +1043,7 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	}
 
 	tmp = modest_text_utils_simplify_recipients (new_to);
+	remove_undisclosed_recipients  (&tmp);
 	g_free (new_to);
 	new_to = tmp;
 
@@ -1006,7 +1054,7 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 /* get the new Cc:, based on the old header,
  * result is newly allocated or NULL in case of error */
 static gchar*
-get_new_cc (TnyHeader *header, const gchar* from)
+get_new_cc (TnyHeader *header, const gchar* from, const gchar *new_to)
 {
 	gchar *old_cc, *result, *dup;
 
@@ -1016,8 +1064,27 @@ get_new_cc (TnyHeader *header, const gchar* from)
 
 	/* remove me (the new From:) from the Cc: list */
 	dup =  modest_text_utils_remove_address (old_cc, from);
+
+	if (new_to) {
+		gchar **to_parts, **current;
+
+		to_parts = g_strsplit (new_to, ",", 0);
+		for (current = to_parts; current && *current != '\0'; current++) {
+			gchar *dup2;
+
+			dup2 = modest_text_utils_remove_address (dup, g_strstrip (*current));
+			g_free (dup);
+			dup = dup2;
+		}
+		g_strfreev (to_parts);
+	}
+
 	result = modest_text_utils_remove_duplicate_addresses (dup);
 	g_free (dup);
+	dup = result;
+	result = modest_text_utils_simplify_recipients (dup);
+	remove_undisclosed_recipients  (&result);
+	g_free (dup);
 	g_free (old_cc);
 	return result;
 }
@@ -1047,13 +1114,13 @@ modest_tny_msg_get_references (TnyMsg *msg, gchar **message_id, gchar **referenc
 
 		pair = TNY_PAIR (tny_iterator_get_current (iterator));
 		name = tny_pair_get_name (pair);
-		if (!g_strcasecmp (name, "References")) {
+		if (!g_ascii_strcasecmp (name, "References")) {
 			if (l_references) g_free (l_references);
 			l_references = g_strdup (tny_pair_get_value (pair));
-		} else if (!g_strcasecmp (name, "In-Reply-To")) {
+		} else if (!g_ascii_strcasecmp (name, "In-Reply-To")) {
 			if (l_in_reply_to) g_free (l_in_reply_to);
 			l_in_reply_to = g_strdup (tny_pair_get_value (pair));
-		} else if (!g_strcasecmp (name, "Message-ID")) {
+		} else if (!g_ascii_strcasecmp (name, "Message-ID")) {
 			if (l_message_id) g_free (l_message_id);
 			l_message_id = g_strdup (tny_pair_get_value (pair));
 		}
@@ -1171,17 +1238,19 @@ modest_tny_msg_create_reply_msg (TnyMsg *msg,
 		g_debug ("%s: failed to get new To:", __FUNCTION__);
 	else {
 		tny_header_set_to (new_header, new_to);
-		g_free (new_to);
 	}
 
 	if (reply_mode == MODEST_TNY_MSG_REPLY_MODE_ALL) {
-		gchar *new_cc = get_new_cc (header, from);
+		gchar *new_cc = get_new_cc (header, from, new_to);
 		if (new_cc) { 
 			tny_header_set_cc (new_header, new_cc);
 			g_free (new_cc);
 		}
 	}
 
+	if (new_to)
+		g_free (new_to);
+
 	/* Clean */
 	g_object_unref (G_OBJECT (new_header));
 	g_object_unref (G_OBJECT (header));
@@ -1304,6 +1373,15 @@ modest_tny_msg_header_get_all_recipients_list (TnyHeader *header)
 	recipients = modest_text_utils_split_addresses_list (after_remove);
 	g_free (after_remove);
 
+	if (from)
+		g_free (from);
+	if (to)
+		g_free (to);
+	if (cc)
+		g_free (cc);
+	if (bcc)
+		g_free (bcc);
+
 	return recipients;
 }