Fixes NB#122697, prevent DoS attacks when replying to emails with malformed "Reply...

diff --git a/src/modest-text-utils.c b/src/modest-text-utils.c
index 7598f04..7032d07 100644 (file)
--- a/src/modest-text-utils.c
+++ b/src/modest-text-utils.c
@@ -2008,3 +2008,19 @@ modest_text_utils_remove_duplicate_addresses_list (GSList *address_list)
 
        return new_list;
 }
 
        return new_list;
 }

+
+gchar *
+modest_text_utils_get_secure_header (gchar *value,
+                                    const gchar *header)
+{
+       gchar *new_value = value;
+       gchar *needle = g_strrstr (value, header);
+
+       if (needle) {
+               gchar *tmp = value;
+               new_value = g_strdup (needle + strlen (header));
+               g_free (tmp);
+       }
+
+       return new_value;
+}

diff --git a/src/modest-text-utils.h b/src/modest-text-utils.h
index 3608935..ecd1c93 100644 (file)
--- a/src/modest-text-utils.h
+++ b/src/modest-text-utils.h
@@ -515,4 +515,17 @@ gchar *modest_text_utils_simplify_recipients (const gchar *recipient);
  */
 GSList *modest_text_utils_remove_duplicate_addresses_list (GSList *address_list);
 
  */
 GSList *modest_text_utils_remove_duplicate_addresses_list (GSList *address_list);
 

+/**
+ * modest_text_utils_get_secure_header:
+ * @value: the value of a mail header
+ * @header: the header that we're evaluating
+ *
+ * This function returns the secure value for a header. Basically it
+ * avoids DoS attacks caused by specially malformed headers like for
+ * example. From:From:From...From: some@mail.com
+ *
+ * Returns: returns the secured header
+ **/
+gchar * modest_text_utils_get_secure_header (gchar *value, const gchar *header);
+

 #endif /* __MODEST_TEXT_UTILS_H__ */
 #endif /* __MODEST_TEXT_UTILS_H__ */

diff --git a/src/modest-tny-msg.c b/src/modest-tny-msg.c
index 8e4c86f..82d257f 100644 (file)
--- a/src/modest-tny-msg.c
+++ b/src/modest-tny-msg.c
@@ -961,6 +961,8 @@ static gchar*
 get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
            ModestTnyMsgReplyMode reply_mode)
 {
 get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
            ModestTnyMsgReplyMode reply_mode)
 {

+       const gchar *reply_header = "Reply-To:";
+       const gchar *from_header = "From:";

        gchar* old_reply_to;
        gchar* old_from;
        gchar* new_to;
        gchar* old_reply_to;
        gchar* old_from;
        gchar* new_to;

@@ -981,13 +983,21 @@ get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
        old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg), 
                                                              "Reply-To"); 
        old_from     = tny_header_dup_from (header);
        old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg), 
                                                              "Reply-To"); 
        old_from     = tny_header_dup_from (header);

-       
+

        if (!old_from && !old_reply_to) {
                g_debug ("%s: failed to get either Reply-To: or From: from header",
                           __FUNCTION__);
                return NULL;
        }
        if (!old_from && !old_reply_to) {
                g_debug ("%s: failed to get either Reply-To: or From: from header",
                           __FUNCTION__);
                return NULL;
        }

-       
+
+       /* Prevent DoS attacks caused by malformed emails */
+       if (old_from)
+               old_from = modest_text_utils_get_secure_header (old_from,
+                                                               from_header);
+       if (old_reply_to)
+               old_reply_to = modest_text_utils_get_secure_header (old_reply_to,
+                                                                   reply_header);
+

        /* for mailing lists, use both Reply-To and From if we did a
         * 'Reply All:'
         * */
        /* for mailing lists, use both Reply-To and From if we did a
         * 'Reply All:'
         * */