From e14164702f1e20019996f4bbdf272843538de833 Mon Sep 17 00:00:00 2001 From: Jeffrey Stedfast Date: Fri, 17 Nov 2000 07:18:56 +0000 Subject: Use the byte-read count to decrement the number of bytes left to read 2000-11-17 Jeffrey Stedfast * providers/imap/camel-imap-command.c (imap_read_untagged): Use the byte-read count to decrement the number of bytes left to read rather than using strlen. Not only does this protect against a DoS (embedded NUL chars in the literal string would make strlen inaccurate) but it also improves performace a little. * camel-remote-store.c (remote_recv_line): *Sigh* Return the number of bytes read on success rather than 0. Also don't use camel_stream_buffer_read_line since we can't get an accurate octet count. svn path=/trunk/; revision=6599 --- camel/ChangeLog | 13 +++++++++++++ camel/camel-remote-store.c | 31 ++++++++++++++++++++++++++++--- camel/providers/imap/camel-imap-command.c | 10 +++++----- 3 files changed, 46 insertions(+), 8 deletions(-) (limited to 'camel') diff --git a/camel/ChangeLog b/camel/ChangeLog index d150562199..38ec264d57 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,16 @@ +2000-11-17 Jeffrey Stedfast + + * providers/imap/camel-imap-command.c (imap_read_untagged): Use + the byte-read count to decrement the number of bytes left to read + rather than using strlen. Not only does this protect against a DoS + (embedded NUL chars in the literal string would make strlen + inaccurate) but it also improves performace a little. + + * camel-remote-store.c (remote_recv_line): *Sigh* Return the + number of bytes read on success rather than 0. Also don't use + camel_stream_buffer_read_line since we can't get an accurate octet + count. + 2000-11-17 Not Zed * camel-stream-buffer.c (camel_stream_buffer_gets): We should diff --git a/camel/camel-remote-store.c b/camel/camel-remote-store.c index eeca0d4080..ee5bf60b10 100644 --- a/camel/camel-remote-store.c +++ b/camel/camel-remote-store.c @@ -404,10 +404,13 @@ camel_remote_store_send_stream (CamelRemoteStore *store, CamelStream *stream, Ca return CRSC (store)->send_stream (store, stream, ex); } -static gint +static int remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex) { CamelStreamBuffer *stream = CAMEL_STREAM_BUFFER (store->istream); + GByteArray *bytes; + gchar buf[1024], *ret; + guint nread; *dest = NULL; @@ -428,7 +431,29 @@ remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex) return -1; } - *dest = camel_stream_buffer_read_line (stream); + bytes = g_byte_array_new (); + + nread = 1024; + while (nread == 1024) { + nread = camel_stream_buffer_gets (stream, buf, 1024); + if (nread > 0) + g_byte_array_append (bytes, buf, nread - 1); + } + + g_byte_array_append (bytes, "", 1); + ret = bytes->data; + nread = bytes->len - 1; + g_byte_array_free (bytes, FALSE); + + /* strip off the CRLF sequence at the end of the string */ + for ( ; nread > 0; nread--) { + if (ret[nread] == '\r') { + ret[nread] = '\0'; + break; + } + } + + *dest = ret; if (!*dest) { camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE, @@ -443,7 +468,7 @@ remote_recv_line (CamelRemoteStore *store, char **dest, CamelException *ex) fprintf (stderr, "received: %s\n", *dest); #endif - return 0; + return nread; } /** diff --git a/camel/providers/imap/camel-imap-command.c b/camel/providers/imap/camel-imap-command.c index e9808d5a1f..f1be74b4a9 100644 --- a/camel/providers/imap/camel-imap-command.c +++ b/camel/providers/imap/camel-imap-command.c @@ -239,6 +239,7 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex) int fulllen, length, left, i; GPtrArray *data; char *end, *p; + int n; p = strrchr (line, '{'); if (!p) @@ -257,8 +258,7 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex) g_ptr_array_add (data, line); left = length; while (1) { - if (camel_remote_store_recv_line (CAMEL_REMOTE_STORE (store), - &line, ex) < 0) { + if ((n = camel_remote_store_recv_line (CAMEL_REMOTE_STORE (store), &line, ex)) < 0) { for (i = 0; i < data->len; i++) g_free (data->pdata[i]); g_ptr_array_free (data, TRUE); @@ -268,9 +268,9 @@ imap_read_untagged (CamelImapStore *store, char *line, CamelException *ex) if (left <= 0) break; - - left -= strlen (line) + 2; - + + left -= n + 2; + /* The output string will have only LF, not CRLF, so * decrement the length by one. */ -- cgit v1.2.3