From 4b32de61d00bf5ae12d4179bede135fd2ded0f9c Mon Sep 17 00:00:00 2001 From: Jeffrey Stedfast Date: Wed, 12 Mar 2003 21:39:09 +0000 Subject: Security vulnerability fixes. 2003-03-12 Jeffrey Stedfast Security vulnerability fixes. * mail-display.c (do_external_viewer): Make sure that we don't launch a bonobo control to view a mime-type that we handle internally, otherwise maliciously formed HTML mail using tags could potentially launch a bonobo vontrol to view the mime part bypassing any checks that Evolution might do on the data normally. svn path=/trunk/; revision=20269 --- mail/ChangeLog | 7 +++++++ mail/mail-display.c | 5 +++++ 2 files changed, 12 insertions(+) (limited to 'mail') diff --git a/mail/ChangeLog b/mail/ChangeLog index 7b553f817e..a8be5524cc 100644 --- a/mail/ChangeLog +++ b/mail/ChangeLog @@ -2,6 +2,13 @@ Security vulnerability fixes. + * mail-display.c (do_external_viewer): Make sure that we don't + launch a bonobo control to view a mime-type that we handle + internally, otherwise maliciously formed HTML mail using + tags could potentially launch a bonobo vontrol to view the mime + part bypassing any checks that Evolution might do on the data + normally. + * mail-format.c (handle_text_html, attachment_header) (handle_image, handle_via_bonobo): Encode the result from get_cid() so that malicious Content-Id strings cannot bypass the diff --git a/mail/mail-display.c b/mail/mail-display.c index 83387bde92..955de714ea 100644 --- a/mail/mail-display.c +++ b/mail/mail-display.c @@ -1081,6 +1081,11 @@ do_external_viewer (GtkHTML *html, GtkHTMLEmbedded *eb, CORBA_Environment ev; CamelStreamMem *cstream; BonoboStream *bstream; + MailMimeHandler *handler; + + handler = mail_lookup_handler (eb->type); + if (!handler || handler->builtin) + return FALSE; component = gnome_vfs_mime_get_default_component (eb->type); if (!component) -- cgit v1.2.3