amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-04-04 21:08:51 +00:00
Code Issues Projects Releases Wiki Activity

(test) handle sanitization before passing data to libxml

Browse Source
This commit is contained in:
Ludovic Marcotte
2016-12-06 14:05:27 -05:00
parent 0038e4bc60
commit 2a2ebd553e
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
SoObjects/SOGo/NSString+Utilities.m
View File

@@ -302,7 +302,8 @@ static int cssEscapingCount;
{
c = buf[i];
if (c == 0x9 ||
if (c == 0x0 ||
c == 0x9 ||
c == 0xA ||
c == 0xD ||
(c >= 0x20 && c <= 0xD7FF) ||

13
UI/MailPartViewers/UIxMailPartHTMLViewer.m
View File

@@ -28,6 +28,7 @@
#include <libxml/encoding.h>
#import <SoObjects/SOGo/NSString+Utilities.h>
#import <SoObjects/Mailer/SOGoMailObject.h>
#import <SoObjects/Mailer/SOGoMailBodyPart.h>
@@ -908,6 +909,8 @@ static NSData* _sanitizeContent(NSData *theData)
NSObject <SaxXMLReader> *parser;
NSData *preparsedContent;
SOGoMailObject *mail;
NSString *s;
xmlCharEncoding enc;
mail = [self clientObject];
@@ -926,8 +929,6 @@ static NSData* _sanitizeContent(NSData *theData)
enc = [self _xmlCharEncoding];
if (enc == XML_CHAR_ENCODING_ERROR)
{
NSString *s;
s = [NSString stringWithData: preparsedContent
usingEncodingNamed: [[bodyInfo objectForKey:@"parameterList"]
objectForKey: @"charset"]];
@@ -954,6 +955,14 @@ static NSData* _sanitizeContent(NSData *theData)
#endif
}
// Let's sanitize the string to make sure libxml doesn't go havoc
if (enc == XML_CHAR_ENCODING_UTF8)
{
s = [[NSString alloc] initWithData: preparsedContent encoding: NSUTF8StringEncoding];
preparsedContent = [[s safeString] dataUsingEncoding: NSUTF8StringEncoding];
RELEASE(s);
}
[handler setContentEncoding: enc];
[parser setContentHandler: handler];