From f67eb8f79172e77dadb0c02636409e087856baeb Mon Sep 17 00:00:00 2001
From: Peter Williams <peterw@src.gnome.org>
Date: Mon, 31 Jul 2000 19:57:49 +0000
Subject: A few string overrun checks for the mime parser

svn path=/trunk/; revision=4427
---
 camel/ChangeLog          | 17 ++++++++++++++++-
 camel/camel-mime-utils.c | 10 +++++-----
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/camel/ChangeLog b/camel/ChangeLog
index bad736e339..ea59fd9f79 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -52,6 +52,19 @@
 	item specifier for the header lines we need, appropriate to the
 	server level.
 
+2000-07-27  Peter Williams <peterw@helixcode.com>
+
+	* camel-mime-utils.c (header_decode_lwsp): More
+	checks for end of string.
+
+	* providers/imap/camel-imap-store.c:
+	(imap_command_extended): Free the elements of our
+	array (huge mem leak)
+
+	* providers/imap/camel-imap-folder.c:
+	(summary_get_internal): Same as above.
+	
+
 2000-07-27  Jeffrey Stedfast  <fejj@helixcode.com>
 
 	* providers/imap/camel-imap-folder.c (camel_imap_folder_changed):
@@ -105,7 +118,9 @@
 	* camel-mime-utils.c (header_references_decode): Return
 	if the header is NULL -> or "" <-. Don't do our stupid
 	mailer trick if we point to \0.
-
+	(header_decode_quoted_string): Don't rip past end of 
+	string!
+	
 2000-07-26  Dan Winship  <danw@helixcode.com>
 
 	* camel-movemail.c (movemail_external): routine to call an
diff --git a/camel/camel-mime-utils.c b/camel/camel-mime-utils.c
index e6b7e0350b..edfda90ed8 100644
--- a/camel/camel-mime-utils.c
+++ b/camel/camel-mime-utils.c
@@ -794,8 +794,8 @@ header_decode_lwsp(const char **in)
 
 	d2(printf("is ws: '%s'\n", *in));
 
-	while (is_lwsp(*inptr) || *inptr =='(') {
-		while (is_lwsp(*inptr)) {
+	while (is_lwsp(*inptr) || *inptr =='(' && *inptr != '\0') {
+		while (is_lwsp(*inptr) && inptr != '\0') {
 			d2(printf("(%c)", *inptr));
 			inptr++;
 		}
@@ -805,7 +805,7 @@ header_decode_lwsp(const char **in)
 		if (*inptr == '(') {
 			int depth = 1;
 			inptr++;
-			while (depth && (c=*inptr)) {
+			while (depth && (c=*inptr) && *inptr != '\0') {
 				if (c=='\\' && inptr[1]) {
 					inptr++;
 				} else if (c=='(') {
@@ -1122,7 +1122,7 @@ header_decode_quoted_string(const char **in)
 		/* first, calc length */
 		inptr++;
 		intmp = inptr;
-		while ( (c = *intmp++) && c!= '"' ) {
+		while ( (c = *intmp++) && c!= '"' && c != '\0') {
 			if (c=='\\' && *intmp) {
 				intmp++;
 				skip++;
@@ -1130,7 +1130,7 @@ header_decode_quoted_string(const char **in)
 		}
 		outlen = intmp-inptr-skip;
 		out = outptr = g_malloc(outlen+1);
-		while ( (c = *inptr++) && c!= '"' ) {
+		while ( (c = *inptr++) && c!= '"' && c != '\0') {
 			if (c=='\\' && *inptr) {
 				c = *inptr++;
 			}
-- 
cgit v1.2.3