diff --git a/ChangeLog b/ChangeLog index 7258ed874..2292cf557 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-09-04 Wolfgang Sourdeau + + * UI/MailPartViewers/UIxMailPartTextViewer.m (convertChars): + fixed a buffer overflow. Incremented the buffer size to 8192. + 2008-09-02 Wolfgang Sourdeau * SoObjects/Mailer/SOGoMailManager.m ([NGImap diff --git a/SOPE/sope-patchset-r1626.diff b/SOPE/sope-patchset-r1626.diff index 4cc855259..9428c12ab 100644 --- a/SOPE/sope-patchset-r1626.diff +++ b/SOPE/sope-patchset-r1626.diff @@ -604,7 +604,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m static __inline__ NSException *_consumeIfMatch (NGImap4ResponseParser *self, unsigned char _m); -@@ -649,12 +652,35 @@ +@@ -649,12 +652,37 @@ } - (NSString *)_parseQuotedString { @@ -635,14 +635,16 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m + quotedString = nil; + } + -+ [quotedString replaceString:@"?=\t=?" -+ withString:@"?==?"]; ++ if ([quotedString rangeOfString: @"=?"].location != NSNotFound) { ++ [quotedString replaceString: @"?= =?" withString: @"?==?"]; ++ [quotedString replaceString: @"?=\t=?" withString: @"?==?"]; ++ } + + return quotedString; } - (void)_consumeOptionalSpace { if (_la(self, 0) == ' ') _consume(self, 1); -@@ -1090,6 +1116,8 @@ +@@ -1090,6 +1118,8 @@ return @""; s = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; @@ -651,7 +653,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m if (s == nil) { [self logWithFormat: @"ERROR(%s): could not convert data (%d bytes) into string.", -@@ -1185,7 +1213,7 @@ +@@ -1185,7 +1215,7 @@ route = [self _parseQuotedStringOrNIL]; [self _consumeOptionalSpace]; mailbox = [self _parseQuotedStringOrNIL]; [self _consumeOptionalSpace]; host = [self _parseQuotedStringOrNIL]; [self _consumeOptionalSpace]; @@ -660,7 +662,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m if (_la(self, 0) != ')') { [self logWithFormat:@"WARNING: IMAP4 envelope " @"address not properly closed (c0=%c,c1=%c): %@", -@@ -1197,6 +1225,7 @@ +@@ -1197,6 +1227,7 @@ address = [[NGImap4EnvelopeAddress alloc] initWithPersonalName:pname sourceRoute:route mailbox:mailbox host:host]; @@ -668,7 +670,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m return address; } -@@ -1594,8 +1623,11 @@ +@@ -1594,8 +1625,11 @@ if (_decode) data = [data decodeQuotedPrintableValueOfMIMEHeaderField:nil]; @@ -682,7 +684,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m } else { str = _parseUntil2(self, ' ', ')'); -@@ -1620,13 +1652,35 @@ +@@ -1620,13 +1654,35 @@ return str; } @@ -719,7 +721,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m static NSDictionary *_parseBodyParameterList(NGImap4ResponseParser *self) { NSMutableDictionary *list; -@@ -1646,7 +1700,7 @@ +@@ -1646,7 +1702,7 @@ _consumeIfMatch(self, ' '); value = _parseBodyDecodeString(self, YES, YES); @@ -728,7 +730,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m } _consumeIfMatch(self, ')'); } -@@ -1731,13 +1785,14 @@ +@@ -1731,13 +1787,14 @@ static NSDictionary *_parseSingleBody(NGImap4ResponseParser *self, BOOL isBodyStructure) { NSString *type, *subtype, *bodyId, *description, @@ -745,7 +747,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m _consumeIfMatch(self, ' '); parameterList = _parseBodyParameterList(self); _consumeIfMatch(self, ' '); -@@ -1762,13 +1817,18 @@ +@@ -1762,13 +1819,18 @@ _consumeIfMatch(self, ' '); [dict setObject:_parseBodyString(self, YES) forKey:@"lines"]; } @@ -767,7 +769,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m _consumeIfMatch(self, ' '); [dict setObject:_parseParenthesizedAddressList(self) forKey:@"from"]; _consumeIfMatch(self, ' '); -@@ -1783,14 +1843,20 @@ +@@ -1783,14 +1845,20 @@ _consumeIfMatch(self, ' '); [dict setObject:_parseParenthesizedAddressList(self) forKey:@"bcc"]; _consumeIfMatch(self, ' '); @@ -791,7 +793,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m } } -@@ -1805,14 +1871,9 @@ +@@ -1805,14 +1873,9 @@ forKey: @"disposition"]; if (_la(self, 0) != ')') { _consume(self,1); @@ -809,7 +811,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m if (_la(self, 0) != ')') { _consume(self,1); [dict setObject: _parseBodyString(self, YES) -@@ -1829,6 +1890,7 @@ +@@ -1829,6 +1892,7 @@ static NSDictionary *_parseMultipartBody(NGImap4ResponseParser *self, BOOL isBodyStructure) { NSMutableArray *parts; @@ -817,7 +819,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m NSString *kind; NSMutableDictionary *dict; -@@ -1854,14 +1916,9 @@ +@@ -1854,14 +1918,9 @@ forKey: @"disposition"]; if (_la(self, 0) != ')') { _consume(self,1); @@ -835,7 +837,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m if (_la(self, 0) != ')') { _consume(self,1); [dict setObject: _parseBodyString(self, YES) -@@ -2170,6 +2227,21 @@ +@@ -2170,6 +2229,21 @@ } } @@ -857,7 +859,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m - (NSException *)exceptionForFailedMatch:(unsigned char)_match got:(unsigned char)_avail { -@@ -2225,9 +2297,9 @@ +@@ -2225,9 +2299,9 @@ [s release]; if (c == '\n') { diff --git a/UI/MailPartViewers/UIxMailPartTextViewer.m b/UI/MailPartViewers/UIxMailPartTextViewer.m index c8d203479..99df539f4 100644 --- a/UI/MailPartViewers/UIxMailPartTextViewer.m +++ b/UI/MailPartViewers/UIxMailPartTextViewer.m @@ -44,51 +44,51 @@ @implementation NSString (SOGoMailUIExtension) +#define paddingBuffer 8192 + static inline char * convertChars (const char *oldString, unsigned int oldLength, unsigned int *newLength) { const char *currentChar, *upperLimit; char *newString, *destChar, *reallocated; - unsigned int length, maxLength, iteration; - - maxLength = oldLength + 500; - newString = malloc (maxLength); + unsigned int length, maxLength; + + maxLength = oldLength + paddingBuffer; + newString = malloc (maxLength + 1); destChar = newString; currentChar = oldString; length = 0; - iteration = 0; upperLimit = oldString + oldLength; while (currentChar < upperLimit) { - if (*currentChar != '\r') + switch (*currentChar) { - if (*currentChar == '\n') + case '\r': break; + case '\n': + length = destChar - newString; + if (length + paddingBuffer > maxLength - 6) { - length = destChar - newString; - if ((length + (6 * iteration) + 500) > maxLength) + maxLength += paddingBuffer; + reallocated = realloc (newString, maxLength + 1); + if (reallocated) { - maxLength = length + (iteration * 6) + 500; - reallocated = realloc (newString, maxLength); - if (reallocated) - newString = reallocated; - else - [NSException raise: NSMallocException - format: @"reallocation failed in %s", - __PRETTY_FUNCTION__]; + newString = reallocated; destChar = newString + length; } - strcpy (destChar, "
"); - destChar += 6; - iteration++; - } - else - { - *destChar = *currentChar; - destChar++; + else + [NSException raise: NSMallocException + format: @"reallocation failed in %s", + __PRETTY_FUNCTION__]; } + strcpy (destChar, "
"); + destChar += 6; + break; + default: + *destChar = *currentChar; + destChar++; } currentChar++; } diff --git a/UI/MailerUI/UIxMailView.m b/UI/MailerUI/UIxMailView.m index ae248ce1f..ca7077408 100644 --- a/UI/MailerUI/UIxMailView.m +++ b/UI/MailerUI/UIxMailView.m @@ -65,10 +65,6 @@ static NSString *mailETag = nil; } } -- (void)dealloc { - [super dealloc]; -} - /* accessors */ - (void) setCurrentAddress: (id) _addr