author | Matthew Barnes <mbarnes@redhat.com> | 2008-06-04 18:46:38 +0800 |
---|---|---|
committer | Matthew Barnes <mbarnes@src.gnome.org> | 2008-06-04 18:46:38 +0800 |
commit | eee236262005c4486e246dc77b9609ddc0fdfe09 (patch) | |
tree | 1a4df35ec414a23160b66d3968d106462e68727f /calendar/gui/itip-utils.c | |
parent | c1b28e2e05ac1790af041a6cb3cfdc4011baa002 (diff) | |
** Fixes security vulnerabilities CVE-2008-1108 and CVE-2008-1109
2008-06-04 Matthew Barnes <mbarnes@redhat.com>
** Fixes security vulnerabilities
CVE-2008-1108 and CVE-2008-1109
* calendar/gui/itip-utils.c (html_new_lines_for):
Do not use a fixed-size buffer for parsing external data.
Simplify the logic to just split and rejoin the string with a
different line separator.
* calendar/gui/e-itip-control.c (write_label_piece),
(write_recurrence_piece), (set_date_label):
Use a GString rather than a fixed-size buffer to build the HTML
string to avoid the possibility of an overflow.
svn path=/trunk/; revision=35594
Diffstat (limited to 'calendar/gui/itip-utils.c')
-rw-r--r-- | calendar/gui/itip-utils.c | 48 |
1 files changed, 7 insertions, 41 deletions
diff --git a/calendar/gui/itip-utils.c b/calendar/gui/itip-utils.c
index cddb3d9b4f..cb29c5329b 100644
--- a/calendar/gui/itip-utils.c
+++ b/calendar/gui/itip-utils.c
@@ -172,50 +172,16 @@ get_attendee_if_attendee_sentby_is_user (GSList *attendees, char *address)
 }
 
 static char *
-html_new_lines_for (char *string)
+html_new_lines_for (const char *string)
 {
- char *html_string = (char *) malloc (sizeof (char)* (3500));
- int length = strlen (string);
- int index = 0;
- char *index_ptr = string;
- char *temp = string;
-
- /*Find the first occurence*/
- index_ptr = strstr ((const char *)temp, "\n");
-
- /*Doesn't occur*/
- if (index_ptr == NULL) {
- strcpy (html_string, (const char *)string);
- html_string[length] = '\0';
- return html_string;
- }
-
- /*Split into chunks inserting <br> for \n */
- do{
- while (temp != index_ptr){
- html_string[index++] = *temp;
- temp++;
- }
- temp++;
-
- html_string[index++] = '<';
- html_string[index++] = 'b';
- html_string[index++] = 'r';
- html_string[index++] = '>';
-
- index_ptr = strstr ((const char *)temp, "\n");
-
- } while (index_ptr);
-
- /*Don't leave out the last chunk*/
- while (*temp != '\0'){
- html_string[index++] = *temp;
- temp++;
- }
+ gchar **lines;
+ gchar *joined;
 
- html_string[index] = '\0';
+ lines = g_strsplit_set (string, "\n", -1);
+ joined = g_strjoinv ("<br>", lines);
+ g_strfreev (lines);
 
- return html_string;
+ return joined;
 }
 
 char * |
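Review bot: The buffer returned by `html_new_lines_for` is now allocated by `g_strjoinv()` instead of `malloc()`, so every caller has to release it with `g_free()`. The callers are outside this hunk, and any remaining `free()` on the result should be checked. A comment above the function would pin the contract, for example `/* Returns a newly allocated copy of string with each '\n' replaced by "<br>"; free with g_free(). The text itself is not HTML-escaped. */`. The commit message describes the input as external data and the result is used to build HTML, so it is worth confirming that the text is escaped somewhere on this path (for instance with `g_markup_escape_text()`). This hunk does not show whether that already happens.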