From: Jeffrey Stedfast Date: Fri, 17 Nov 2000 08:11:29 +0000 (+0000) Subject: When extracting a literal string, capture up until the end of the last X-Git-Tag: upstream/3.7.4~11293 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=78bb58faa6193833bf897a43a16d9419eb8b51a5;p=platform%2Fupstream%2Fevolution-data-server.git When extracting a literal string, capture up until the end of the last 2000-11-17 Jeffrey Stedfast * providers/imap/camel-imap-utils.c (imap_parse_nstring): When extracting a literal string, capture up until the end of the last line - this we we don't lose any data if the byte count is off. * providers/imap/camel-imap-command.c (imap_read_untagged): Use the byte-read count to decrement the number of bytes left to read rather than using strlen. Not only does this protect against a DoS (embedded NUL chars in the literal string would make strlen inaccurate) but it also improves performace a little. * camel-remote-store.c (remote_recv_line): *Sigh* Return the number of bytes read on success rather than 0. Also don't use camel_stream_buffer_read_line since we can't get an accurate octet count. --- diff --git a/camel/ChangeLog b/camel/ChangeLog index 38ec264..734bbbe 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,5 +1,9 @@ 2000-11-17 Jeffrey Stedfast + * providers/imap/camel-imap-utils.c (imap_parse_nstring): When + extracting a literal string, capture up until the end of the last + line - this we we don't lose any data if the byte count is off. + * providers/imap/camel-imap-command.c (imap_read_untagged): Use the byte-read count to decrement the number of bytes left to read rather than using strlen. Not only does this protect against a DoS diff --git a/camel/providers/imap/camel-imap-utils.c b/camel/providers/imap/camel-imap-utils.c index b38024e..0677c63 100644 --- a/camel/providers/imap/camel-imap-utils.c +++ b/camel/providers/imap/camel-imap-utils.c @@ -637,6 +637,10 @@ imap_parse_nstring (char **str_p, int *len) *str_p = NULL; return NULL; } + + /* capture up until the end of the line - byte count may be a little off */ + for ( ; *(str + *len) != '\n'; (*len)++); + out = g_strndup (str, *len); *str_p = str + *len; return out;