X-Git-Url: http://git.maemo.org/git/?p=modest;a=blobdiff_plain;f=src%2Fmodest-tny-msg.c;h=90fa27ec89b73790d0275830eab38026f249332d;hp=b7de9db59c0d61766f930ecb865d3ed0f5568df1;hb=b6021c433dd0ecec843ed83819296a253023313a;hpb=e2769fe7a2bfef7080c538f3f98f6fd5520f45ac diff --git a/src/modest-tny-msg.c b/src/modest-tny-msg.c index b7de9db..90fa27e 100644 --- a/src/modest-tny-msg.c +++ b/src/modest-tny-msg.c @@ -334,8 +334,8 @@ add_attachments (TnyMimePart *part, GList *attachments_list, gboolean add_inline old_attachment = pos->data; if (!tny_mime_part_is_purged (old_attachment)) { - const gchar *old_cid; - old_cid = tny_mime_part_get_content_id (old_attachment); + gchar *old_cid; + old_cid = g_strdup (tny_mime_part_get_content_id (old_attachment)); attachment_part = copy_mime_part (old_attachment, err); if (attachment_part != NULL) { if (add_inline) { @@ -359,6 +359,7 @@ add_attachments (TnyMimePart *part, GList *attachments_list, gboolean add_inline tny_mime_part_set_content_id (attachment_part, old_cid); g_object_unref (attachment_part); } + g_free (old_cid); } } return attached; @@ -382,7 +383,7 @@ add_images (TnyMsg *msg, GList *images_list, GError **err) while (!tny_iterator_is_done (iter)) { TnyMimePart *part = TNY_MIME_PART (tny_iterator_get_current (iter)); - if (part && !g_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) { + if (part && !g_ascii_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) { related_part = part; break; } @@ -960,6 +961,8 @@ static gchar* get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from, ModestTnyMsgReplyMode reply_mode) { + const gchar *reply_header = "Reply-To:"; + const gchar *from_header = "From:"; gchar* old_reply_to; gchar* old_from; gchar* new_to; @@ -980,13 +983,25 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from, old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg), "Reply-To"); old_from = tny_header_dup_from (header); - + if (!old_from && !old_reply_to) { g_debug ("%s: failed to get either Reply-To: or From: from header", __FUNCTION__); return NULL; } - + + /* Prevent DoS attacks caused by malformed emails */ + if (old_from) { + gchar *tmp = old_from; + old_from = modest_text_utils_get_secure_header ((const gchar *) tmp, from_header); + g_free (tmp); + } + if (old_reply_to) { + gchar *tmp = old_reply_to; + old_reply_to = modest_text_utils_get_secure_header ((const gchar *) tmp, reply_header); + g_free (tmp); + } + /* for mailing lists, use both Reply-To and From if we did a * 'Reply All:' * */ @@ -1099,13 +1114,13 @@ modest_tny_msg_get_references (TnyMsg *msg, gchar **message_id, gchar **referenc pair = TNY_PAIR (tny_iterator_get_current (iterator)); name = tny_pair_get_name (pair); - if (!g_strcasecmp (name, "References")) { + if (!g_ascii_strcasecmp (name, "References")) { if (l_references) g_free (l_references); l_references = g_strdup (tny_pair_get_value (pair)); - } else if (!g_strcasecmp (name, "In-Reply-To")) { + } else if (!g_ascii_strcasecmp (name, "In-Reply-To")) { if (l_in_reply_to) g_free (l_in_reply_to); l_in_reply_to = g_strdup (tny_pair_get_value (pair)); - } else if (!g_strcasecmp (name, "Message-ID")) { + } else if (!g_ascii_strcasecmp (name, "Message-ID")) { if (l_message_id) g_free (l_message_id); l_message_id = g_strdup (tny_pair_get_value (pair)); } @@ -1358,6 +1373,15 @@ modest_tny_msg_header_get_all_recipients_list (TnyHeader *header) recipients = modest_text_utils_split_addresses_list (after_remove); g_free (after_remove); + if (from) + g_free (from); + if (to) + g_free (to); + if (cc) + g_free (cc); + if (bcc) + g_free (bcc); + return recipients; }