X-Git-Url: http://git.maemo.org/git/?p=modest;a=blobdiff_plain;f=src%2Fmodest-tny-msg.c;h=90fa27ec89b73790d0275830eab38026f249332d;hp=8e4c86f73a4f5c0bebca54c734fcae05d4e54a06;hb=87f15c1e87208d058d1fe715cf149bfdb9acab5e;hpb=a9fd15b0768255b183d8ce664edd9ee83a045df4

diff --git a/src/modest-tny-msg.c b/src/modest-tny-msg.c
index 8e4c86f..90fa27e 100644
--- a/src/modest-tny-msg.c
+++ b/src/modest-tny-msg.c
@@ -961,6 +961,8 @@ static gchar*
 get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	    ModestTnyMsgReplyMode reply_mode)
 {
+	const gchar *reply_header = "Reply-To:";
+	const gchar *from_header = "From:";
 	gchar* old_reply_to;
 	gchar* old_from;
 	gchar* new_to;
@@ -981,13 +983,25 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
 	old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg), 
 							      "Reply-To"); 
 	old_from     = tny_header_dup_from (header);
-	
+
 	if (!old_from && !old_reply_to) {
 		g_debug ("%s: failed to get either Reply-To: or From: from header",
 			   __FUNCTION__);
 		return NULL;
 	}
-	
+
+	/* Prevent DoS attacks caused by malformed emails */
+	if (old_from) {
+		gchar *tmp = old_from;
+		old_from = modest_text_utils_get_secure_header ((const gchar *) tmp, from_header);
+		g_free (tmp);
+	}
+	if (old_reply_to) {
+		gchar *tmp = old_reply_to;
+		old_reply_to = modest_text_utils_get_secure_header ((const gchar *) tmp, reply_header);
+		g_free (tmp);
+	}
+
 	/* for mailing lists, use both Reply-To and From if we did a
 	 * 'Reply All:'
 	 * */
@@ -1359,6 +1373,15 @@ modest_tny_msg_header_get_all_recipients_list (TnyHeader *header)
 	recipients = modest_text_utils_split_addresses_list (after_remove);
 	g_free (after_remove);
 
+	if (from)
+		g_free (from);
+	if (to)
+		g_free (to);
+	if (cc)
+		g_free (cc);
+	if (bcc)
+		g_free (bcc);
+
 	return recipients;
 }