From 0cd3089513a39e5717d75597391130b4130f17ff Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Thu, 4 Sep 2008 04:31:59 +0000
Subject: [PATCH 1/3] Monotone-Parent: 34eb92128b8ce40ea590eedcbe2b203f173bb8f9
 Monotone-Revision: 29cab050b6cbbacab8016696a0af703cc5988d64

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-09-04T04:31:59
Monotone-Branch: ca.inverse.sogo
---
 UI/MailerUI/UIxMailView.m | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/UI/MailerUI/UIxMailView.m b/UI/MailerUI/UIxMailView.m
index ae248ce1f..ca7077408 100644
--- a/UI/MailerUI/UIxMailView.m
+++ b/UI/MailerUI/UIxMailView.m
@@ -65,10 +65,6 @@ static NSString *mailETag = nil;
     }
 }
 
-- (void)dealloc {
-  [super dealloc];
-}
-
 /* accessors */
 
 - (void) setCurrentAddress: (id) _addr

From 95bba25b95c5510b614776eb737bf891391cf420 Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Thu, 4 Sep 2008 05:49:37 +0000
Subject: [PATCH 2/3] Monotone-Parent: 29cab050b6cbbacab8016696a0af703cc5988d64
 Monotone-Revision: b4864301d33bcd83b867c526d61b7fbf700afd5a

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-09-04T05:49:37
Monotone-Branch: ca.inverse.sogo
---
 SOPE/sope-patchset-r1626.diff | 36 ++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/SOPE/sope-patchset-r1626.diff b/SOPE/sope-patchset-r1626.diff
index 4cc855259..9428c12ab 100644
--- a/SOPE/sope-patchset-r1626.diff
+++ b/SOPE/sope-patchset-r1626.diff
@@ -604,7 +604,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
  
  static __inline__ NSException *_consumeIfMatch
    (NGImap4ResponseParser *self, unsigned char _m);
-@@ -649,12 +652,35 @@
+@@ -649,12 +652,37 @@
  }
  
  - (NSString *)_parseQuotedString {
@@ -635,14 +635,16 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
 +    quotedString = nil;
 +  }
 +
-+  [quotedString replaceString:@"?=\t=?"
-+		withString:@"?==?"];
++  if ([quotedString rangeOfString: @"=?"].location != NSNotFound) {
++    [quotedString replaceString: @"?= =?" withString: @"?==?"];
++    [quotedString replaceString: @"?=\t=?" withString: @"?==?"];
++  }
 +
 +  return quotedString;
  }
  - (void)_consumeOptionalSpace {
    if (_la(self, 0) == ' ') _consume(self, 1);
-@@ -1090,6 +1116,8 @@
+@@ -1090,6 +1118,8 @@
        return @"";
      
      s = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
@@ -651,7 +653,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
      if (s == nil) {
        [self logWithFormat:
  	      @"ERROR(%s): could not convert data (%d bytes) into string.",
-@@ -1185,7 +1213,7 @@
+@@ -1185,7 +1215,7 @@
    route   = [self _parseQuotedStringOrNIL]; [self _consumeOptionalSpace];
    mailbox = [self _parseQuotedStringOrNIL]; [self _consumeOptionalSpace];
    host    = [self _parseQuotedStringOrNIL]; [self _consumeOptionalSpace];
@@ -660,7 +662,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
    if (_la(self, 0) != ')') {
      [self logWithFormat:@"WARNING: IMAP4 envelope "
  	    @"address not properly closed (c0=%c,c1=%c): %@",
-@@ -1197,6 +1225,7 @@
+@@ -1197,6 +1227,7 @@
    address = [[NGImap4EnvelopeAddress alloc] initWithPersonalName:pname
  					    sourceRoute:route mailbox:mailbox
  					    host:host];
@@ -668,7 +670,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
    return address;
  }
  
-@@ -1594,8 +1623,11 @@
+@@ -1594,8 +1625,11 @@
      if (_decode)
        data = [data decodeQuotedPrintableValueOfMIMEHeaderField:nil];
      
@@ -682,7 +684,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
    }
    else {
      str = _parseUntil2(self, ' ', ')');
-@@ -1620,13 +1652,35 @@
+@@ -1620,13 +1654,35 @@
    return str;
  }
  
@@ -719,7 +721,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
  static NSDictionary *_parseBodyParameterList(NGImap4ResponseParser *self)
  {
    NSMutableDictionary *list;
-@@ -1646,7 +1700,7 @@
+@@ -1646,7 +1702,7 @@
        _consumeIfMatch(self, ' ');
        value = _parseBodyDecodeString(self, YES, YES);
  
@@ -728,7 +730,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
      }
      _consumeIfMatch(self, ')');
    }
-@@ -1731,13 +1785,14 @@
+@@ -1731,13 +1787,14 @@
  static NSDictionary *_parseSingleBody(NGImap4ResponseParser *self,
  				      BOOL isBodyStructure) {
    NSString            *type, *subtype, *bodyId, *description,
@@ -745,7 +747,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
    _consumeIfMatch(self, ' ');
    parameterList = _parseBodyParameterList(self);
    _consumeIfMatch(self, ' ');
-@@ -1762,13 +1817,18 @@
+@@ -1762,13 +1819,18 @@
      _consumeIfMatch(self, ' ');
      [dict setObject:_parseBodyString(self, YES) forKey:@"lines"];
    }
@@ -767,7 +769,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
        _consumeIfMatch(self, ' ');
        [dict setObject:_parseParenthesizedAddressList(self) forKey:@"from"];
        _consumeIfMatch(self, ' ');
-@@ -1783,14 +1843,20 @@
+@@ -1783,14 +1845,20 @@
        _consumeIfMatch(self, ' ');
        [dict setObject:_parseParenthesizedAddressList(self) forKey:@"bcc"];
        _consumeIfMatch(self, ' ');
@@ -791,7 +793,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
      }
    }
  
-@@ -1805,14 +1871,9 @@
+@@ -1805,14 +1873,9 @@
  	      forKey: @"disposition"];
  	if (_la(self, 0) != ')') {
  	  _consume(self,1);
@@ -809,7 +811,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
  	  if (_la(self, 0) != ')') {
  	    _consume(self,1);
  	    [dict setObject: _parseBodyString(self, YES)
-@@ -1829,6 +1890,7 @@
+@@ -1829,6 +1892,7 @@
  static NSDictionary *_parseMultipartBody(NGImap4ResponseParser *self,
  					 BOOL isBodyStructure) {
    NSMutableArray *parts;
@@ -817,7 +819,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
    NSString       *kind;
    NSMutableDictionary *dict;
  
-@@ -1854,14 +1916,9 @@
+@@ -1854,14 +1918,9 @@
  	      forKey: @"disposition"];
  	if (_la(self, 0) != ')') {
  	  _consume(self,1);
@@ -835,7 +837,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
  	  if (_la(self, 0) != ')') {
  	    _consume(self,1);
  	    [dict setObject: _parseBodyString(self, YES)
-@@ -2170,6 +2227,21 @@
+@@ -2170,6 +2229,21 @@
    }
  }
  
@@ -857,7 +859,7 @@ Index: sope-mime/NGImap4/NGImap4ResponseParser.m
  - (NSException *)exceptionForFailedMatch:(unsigned char)_match
    got:(unsigned char)_avail
  {
-@@ -2225,9 +2297,9 @@
+@@ -2225,9 +2299,9 @@
        [s release];
        
        if (c == '\n') {

From 32046a6d2e338a94b6a59183fe3431ff27daf81a Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Thu, 4 Sep 2008 05:49:39 +0000
Subject: [PATCH 3/3] Monotone-Parent: b4864301d33bcd83b867c526d61b7fbf700afd5a
 Monotone-Revision: 485f88abf48cd4cfca19756b2d50e4d01f48ed95

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-09-04T05:49:39
Monotone-Branch: ca.inverse.sogo
---
 ChangeLog                                  |  5 +++
 UI/MailPartViewers/UIxMailPartTextViewer.m | 50 +++++++++++-----------
 2 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7258ed874..2292cf557 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-09-04  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
+
+	* UI/MailPartViewers/UIxMailPartTextViewer.m (convertChars):
+	fixed a buffer overflow. Incremented the buffer size to 8192.
+
 2008-09-02  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
 	* SoObjects/Mailer/SOGoMailManager.m ([NGImap
diff --git a/UI/MailPartViewers/UIxMailPartTextViewer.m b/UI/MailPartViewers/UIxMailPartTextViewer.m
index c8d203479..99df539f4 100644
--- a/UI/MailPartViewers/UIxMailPartTextViewer.m
+++ b/UI/MailPartViewers/UIxMailPartTextViewer.m
@@ -44,51 +44,51 @@
 
 @implementation NSString (SOGoMailUIExtension)
 
+#define paddingBuffer 8192
+
 static inline char *
 convertChars (const char *oldString, unsigned int oldLength,
 	      unsigned int *newLength)
 {
   const char *currentChar, *upperLimit;
   char *newString, *destChar, *reallocated;
-  unsigned int length, maxLength, iteration;
-
-  maxLength = oldLength + 500;
-  newString = malloc (maxLength);
+  unsigned int length, maxLength;
+ 
+  maxLength = oldLength + paddingBuffer;
+  newString = malloc (maxLength + 1);
   destChar = newString;
   currentChar = oldString;
 
   length = 0;
-  iteration = 0;
 
   upperLimit = oldString + oldLength;
   while (currentChar < upperLimit)
     {
-      if (*currentChar != '\r')
+      switch (*currentChar)
 	{
-	  if (*currentChar == '\n')
+	case '\r': break;
+	case '\n':
+	  length = destChar - newString;
+	  if (length + paddingBuffer > maxLength - 6)
 	    {
-	      length = destChar - newString;
-	      if ((length + (6 * iteration) + 500) > maxLength)
+	      maxLength += paddingBuffer;
+	      reallocated = realloc (newString, maxLength + 1);
+	      if (reallocated)
 		{
-		  maxLength = length + (iteration * 6) + 500;
-		  reallocated = realloc (newString, maxLength);
-		  if (reallocated)
-		    newString = reallocated;
-		  else
-		    [NSException raise: NSMallocException
-				 format: @"reallocation failed in %s",
-				 __PRETTY_FUNCTION__];
+		  newString = reallocated;
 		  destChar = newString + length;
 		}
-	      strcpy (destChar, "<br />");
-	      destChar += 6;
-	      iteration++;
-	    }
-	  else
-	    {
-	      *destChar = *currentChar;
-	      destChar++;
+	      else
+		[NSException raise: NSMallocException
+			     format: @"reallocation failed in %s",
+			     __PRETTY_FUNCTION__];
 	    }
+	  strcpy (destChar, "<br />");
+	  destChar += 6;
+	  break;
+	default:
+	  *destChar = *currentChar;
+	  destChar++;
 	}
       currentChar++;
     }