return new_list;
}
+
+gchar *
+modest_text_utils_get_secure_header (gchar *value,
+ const gchar *header)
+{
+ gchar *new_value = value;
+ gchar *needle = g_strrstr (value, header);
+
+ if (needle) {
+ gchar *tmp = value;
+ new_value = g_strdup (needle + strlen (header));
+ g_free (tmp);
+ }
+
+ return new_value;
+}
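Review bot: `g_strrstr` in modest_text_utils_get_secure_header matches the header name case-sensitively and anywhere in the value, so a differently cased run of prefixes is left as is (header names are case-insensitive), while a legitimate display name that happens to contain the text `From:` is cut at that point. Matching only repeated leading prefixes with `g_ascii_strncasecmp` avoids both problems. The rewrite below keeps the ownership behaviour, freeing the input only when a new string is returned, and rejects a NULL or empty argument up front.

```c
gchar *
modest_text_utils_get_secure_header (gchar *value,
				     const gchar *header)
{
	const gchar *cursor;
	const gchar *rest;
	gsize header_len;
	gchar *new_value;

	g_return_val_if_fail (value != NULL, NULL);
	g_return_val_if_fail (header != NULL && *header != '\0', value);

	header_len = strlen (header);
	cursor = rest = value;

	/* Consume only repeated leading "Header:" prefixes, ignoring case
	 * and the whitespace between them; anything after the first
	 * non-prefix text is kept untouched */
	for (;;) {
		while (g_ascii_isspace (*cursor))
			cursor++;
		if (g_ascii_strncasecmp (cursor, header, header_len) != 0)
			break;
		cursor += header_len;
		rest = cursor;
	}

	if (rest == value)
		return value;

	/* Ownership of value was passed in: replace it with the tail */
	new_value = g_strdup (rest);
	g_free (value);
	return new_value;
}
```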
*/
GSList *modest_text_utils_remove_duplicate_addresses_list (GSList *address_list);
+/**
+ * modest_text_utils_get_secure_header:
+ * @value: the value of a mail header
+ * @header: the header that we're evaluating
+ *
+ * This function returns the secure value for a header. Basically it
+ * avoids DoS attacks caused by specially malformed headers like for
+ * example. From:From:From...From: some@mail.com
+ *
+ * Returns: returns the secured header
+ **/
+gchar * modest_text_utils_get_secure_header (gchar *value, const gchar *header);
+
#endif /* __MODEST_TEXT_UTILS_H__ */
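Review bot: The doc comment for modest_text_utils_get_secure_header does not say that the function takes ownership of @value, although the implementation frees it whenever a new string is returned. A caller who keeps using or frees the original pointer afterwards would hit a use-after-free or double free, so the contract should be spelled out: `@value: (transfer full): the value of a mail header; freed by this function if a new string is returned` and `Returns: (transfer full): @value itself or a newly allocated string, free it with g_free()`. The description would also be easier to act on if it named what is stripped (repeated leading header names in the value) instead of only "the secure value"; its example sentence currently breaks at "for example. From:".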
get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
ModestTnyMsgReplyMode reply_mode)
{
+ const gchar *reply_header = "Reply-To:";
+ const gchar *from_header = "From:";
gchar* old_reply_to;
gchar* old_from;
gchar* new_to;
old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg),
"Reply-To");
old_from = tny_header_dup_from (header);
-
+
if (!old_from && !old_reply_to) {
g_debug ("%s: failed to get either Reply-To: or From: from header",
__FUNCTION__);
return NULL;
}
-
+
+ /* Prevent DoS attacks caused by malformed emails */
+ if (old_from)
+ old_from = modest_text_utils_get_secure_header (old_from,
+ from_header);
+ if (old_reply_to)
+ old_reply_to = modest_text_utils_get_secure_header (old_reply_to,
+ reply_header);
+
/* for mailing lists, use both Reply-To and From if we did a
* 'Reply All:'
* */
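Review bot: The sanitising is applied only inside get_new_to, so any other code path that reads From or Reply-To from the same message would still receive the raw value. That is inferred, since only this function is visible and its body continues outside the hunk. If the repeated-prefix value is a problem for address parsing in general, normalising once where the header is read would cover every consumer. The helper also calls `g_free` on its argument when it rewrites it, so it is worth confirming that `modest_tny_mime_part_get_header_value` returns a caller-owned heap string. The new comment could say what is removed, e.g. `/* Strip repeated "From:"/"Reply-To:" prefixes from the values; such malformed headers caused a DoS */`.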