Commit 267a8a44 authored by Antonio Radici's avatar Antonio Radici

New upstream version 1.10.1

parent 868fb2bf
2018-07-13 14:25:28 -0700 Kevin McCarthy <kevin@8t8.us> (3d9028fe)
* Check outbuf length in mutt_from_base64()
The obuf can be overflowed in auth_cram.c, and possibly auth_gss.c.
Thanks to Jeriko One for the bug report.
M base64.c
M imap/auth_cram.c
M imap/auth_gss.c
M protos.h
2018-07-13 13:05:22 -0700 Kevin McCarthy <kevin@8t8.us> (6962328c)
* Check destlen and truncate in url_pct_encode().
Thanks to Jeriko One for the patch, which this commit is based upon.
M url.c
2018-07-13 12:35:50 -0700 Kevin McCarthy <kevin@8t8.us> (e57a8602)
* Verify IMAP status mailbox literal count size.
Ensure the length isn't bigger than the idata->buf.
Thanks to Jeriko One fo the bug report and patch, which this commit is
based upon.
M imap/command.c
2018-07-13 12:24:58 -0700 JerikoOne <jeriko.one@gmx.us> (9347b5c0)
* Handle NO response without message properly
M imap/command.c
2018-07-13 12:15:00 -0700 Kevin McCarthy <kevin@8t8.us> (3287534d)
* Don't overflow tmp in msg_parse_fetch.
Ensure INTERNALDATE and RFC822.SIZE field sizes fit temp buffer.
Thanks to Jeriko One for the bug report and patch, which this patch is
based upon.
M imap/message.c
2018-07-13 11:33:16 -0700 Richard Russon <rich@flatcap.org> (31eef6c7)
* Selectively cache headers.
Thanks to NeoMutt and Jeriko One for the patch, which was slightly
modified to apply to the Mutt code.
M imap/util.c
2018-07-13 11:16:33 -0700 Kevin McCarthy <kevin@8t8.us> (6aed28b4)
* Sanitize POP bcache paths.
Protect against bcache directory path traversal for UID values.
Thanks for Jeriko One for the bug report and patch, which this commit
is based upon.
M pop.c
2018-07-13 10:47:11 -0700 JerikoOne <jeriko.one@gmx.us> (e154cba1)
* Ensure UID in fetch_uidl.
M pop.c
2018-07-12 21:41:17 -0700 Kevin McCarthy <kevin@8t8.us> (4d0cd265)
* Fix buffer size check in cmd_parse_lsub.
The size parameter to url_ciss_tostring() was off by one.
M imap/command.c
2018-07-12 20:46:37 -0700 Kevin McCarthy <kevin@8t8.us> (e0131852)
* Fix imap_quote_string() length check errors.
The function wasn't properly checking for dlen<2 before quoting, and
wasn't properly pre-adjusting dlen to include the initial quote.
Thanks to Jeriko One for reporting these issues.
M imap/util.c
2018-07-07 19:32:57 -0700 Kevin McCarthy <kevin@8t8.us> (4ff007ca)
* Mention $pgp_decode_command for $pgp_check_gpg_decrypt_status_fd
It scans $pgp_decode_command for inline and application/pgp mime
types.
M init.h
2018-07-07 19:03:44 -0700 Kevin McCarthy <kevin@8t8.us> (18515281)
* Properly quote IMAP mailbox names when (un)subscribing.
When handling automatic subscription (via $imap_check_subscribed), or
manual subscribe/unsubscribe commands, mutt generating a "mailboxes"
command but failed to properly escape backquotes.
Thanks to Jeriko One for the detailed bug report and patch, which this
commit is based upon.
M imap/command.c
M imap/imap.c
M imap/imap_private.h
M imap/util.c
2018-06-18 11:21:38 +0200 Philipp Gesang <philipp.gesang@intra2net.com> (df4affd1)
* crypt-gpgme: prevent crash on bad S/MIME signature
Inform the user about the fingerprint being unavailable instead
of crashing if the S/MIME signature is bad.
M crypt-gpgme.c
2018-06-04 21:31:33 -0700 Kevin McCarthy <kevin@8t8.us> (edb4ec84)
* Add GnuPG status fd checks for inline pgp.
The difficulty is that "BEGIN PGP MESSAGE" could be a signed and
armored part, so we can't fail hard if it isn't encrypted.
Change pgp_check_decryption_okay() to return more status codes, with
>=0 indicating an actual decryption; -2 and -1 indicating plaintext
found; and -3 indicating an actual DECRYPTION_FAILED status code seen.
Fail hard on -3, but change the message for -2 and -1 to indicate the
message was not encrypted.
M pgp.c
2018-06-04 15:40:57 -0700 Kevin McCarthy <kevin@8t8.us> (8ec6d766)
* Add $pgp_check_gpg_decrypt_status_fd.
If set (the default) mutt performs more thorough checking of the
$pgp_decrypt_command status output for GnuPG result codes.
Ticket #39 revealed that GnuPG (currently) does not protect against
messages that have been manipulated to contain an empty encryption
packet followed by a plaintext packet.
A huge thanks to Marcus Brinkmann for researching this issue, taking
the time to report it to us (and the GnuPG team), and taking even more
time to clarify exactly what needed to be checked for.  
M contrib/gpg.rc
M contrib/pgp2.rc
M contrib/pgp5.rc
M contrib/pgp6.rc
M init.h
M mutt.h
M pgp.c
2018-06-03 14:52:37 -0700 Kevin McCarthy <kevin@8t8.us> (cb2329ae)
* Revert showing real size for small files in mutt_pretty_size().
I thought the change made in 0fa64ba9 was small enough not to matter,
but at least one long-time user took the time to track down the change
and request it be reverted.
M muttlib.c
2018-06-03 14:40:31 -0700 Kevin McCarthy <kevin@8t8.us> (33290d12)
* Switch build scripts to use `` instead of $()
This is for older systems running Bourne shell as /bin/sh.
M mkchangelog.sh
M mkreldate.sh
M version.sh
2013-01-06 19:24:18 +0100 Oswald Buddenhagen <ossi@kde.org> (ec96f5f5)
* fix inappropriate use of FREE() in ssl init error path
OpenSSL structures need to be freed with dedicated functions.
M mutt_ssl.c
2018-05-19 10:57:10 -0700 Kevin McCarthy <kevin@8t8.us> (d55950a8)
* automatic post-release commit for mutt-1.10.0
M ChangeLog
M VERSION
M po/bg.po
M po/ca.po
M po/cs.po
M po/da.po
M po/de.po
M po/el.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fr.po
M po/ga.po
M po/gl.po
M po/hu.po
M po/id.po
M po/it.po
M po/ja.po
M po/ko.po
M po/lt.po
M po/nl.po
M po/pl.po
M po/pt_BR.po
M po/ru.po
M po/sk.po
M po/sv.po
M po/tr.po
M po/uk.po
M po/zh_CN.po
M po/zh_TW.po
2018-05-17 12:24:31 -0700 Ivan Vilata i Balaguer <ivan@selidor.net> (70c9c89b)
* Updated Catalan translation.
......
......@@ -8,6 +8,13 @@ http://www.mutt.org/doc/manual/
The keys used are:
!: modified feature, -: deleted feature, +: new feature
1.10.1 (2018-07-16):
! Bug fix release.
+ $pgp_check_gpg_decrypt_status_fd, when set (the default), checks
GnuPG status fd output more thoroughly for spooofed encrypted
messages. Please see contrib/gpg.rc for suggested values.
1.10.0 (2018-05-19):
! $reply_self is now respected for group-reply, even with $metoo unset.
......
......@@ -81,7 +81,7 @@ void mutt_to_base64 (unsigned char *out, const unsigned char *in, size_t len,
/* Convert '\0'-terminated base 64 string to raw bytes.
* Returns length of returned buffer, or -1 on error */
int mutt_from_base64 (char *out, const char *in)
int mutt_from_base64 (char *out, const char *in, size_t olen)
{
int len = 0;
register unsigned char digit1, digit2, digit3, digit4;
......@@ -103,14 +103,20 @@ int mutt_from_base64 (char *out, const char *in)
in += 4;
/* digits are already sanity-checked */
if (len == olen)
return len;
*out++ = (base64val(digit1) << 2) | (base64val(digit2) >> 4);
len++;
if (digit3 != '=')
{
if (len == olen)
return len;
*out++ = ((base64val(digit2) << 4) & 0xf0) | (base64val(digit3) >> 2);
len++;
if (digit4 != '=')
{
if (len == olen)
return len;
*out++ = ((base64val(digit3) << 6) & 0xc0) | base64val(digit4);
len++;
}
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for mutt 1.10.0.
# Generated by GNU Autoconf 2.69 for mutt 1.10.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
......@@ -577,8 +577,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='mutt'
PACKAGE_TARNAME='mutt'
PACKAGE_VERSION='1.10.0'
PACKAGE_STRING='mutt 1.10.0'
PACKAGE_VERSION='1.10.1'
PACKAGE_STRING='mutt 1.10.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
......@@ -1392,7 +1392,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures mutt 1.10.0 to adapt to many kinds of systems.
\`configure' configures mutt 1.10.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1463,7 +1463,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of mutt 1.10.0:";;
short | recursive ) echo "Configuration of mutt 1.10.1:";;
esac
cat <<\_ACEOF
......@@ -1609,7 +1609,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
mutt configure 1.10.0
mutt configure 1.10.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -2257,7 +2257,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by mutt $as_me 1.10.0, which was
It was created by mutt $as_me 1.10.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
......@@ -3124,7 +3124,7 @@ fi
# Define the identity of the package.
PACKAGE='mutt'
VERSION='1.10.0'
VERSION='1.10.1'
cat >>confdefs.h <<_ACEOF
......@@ -14066,7 +14066,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by mutt $as_me 1.10.0, which was
This file was extended by mutt $as_me 1.10.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -14132,7 +14132,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
mutt config.status 1.10.0
mutt config.status 1.10.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
......
......@@ -106,5 +106,7 @@ set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --w
set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
# pattern to verify a decryption occurred
set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
# This is now deprecated by pgp_check_gpg_decrypt_status_fd:
# set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
set pgp_check_gpg_decrypt_status_fd
......@@ -20,6 +20,9 @@ set pgp_verify_command="pgp +language=mutt +verbose=0 +batchmode -t %s %f"
# decrypt a pgp/mime attachment
set pgp_decrypt_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgp +language=mutt +verbose=0 +batchmode -f"
# don't check for GnuPG decryption status codes
unset pgp_check_gpg_decrypt_status_fd
# create a pgp/mime signed attachment
set pgp_sign_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgp +language=mutt +verbose=0 +batchmode -abfst %?a? -u %a?"
......
......@@ -17,6 +17,9 @@ set pgp_good_sign = "Good signature"
# decrypt a pgp/mime attachment
set pgp_decrypt_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgpv +language=mutt +verbose=0 +batchmode --OutputInformationFD=2 -f"
# don't check for GnuPG decryption status codes
unset pgp_check_gpg_decrypt_status_fd
# create a pgp/mime signed attachment
set pgp_sign_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgps +language=mutt +verbose=0 +batchmode -abft %?a? -u %a?"
......
......@@ -14,6 +14,9 @@ set pgp_verify_command="pgp6 +compatible +verbose=0 +batchmode -t %s %f"
# decrypt a pgp/mime attachment
set pgp_decrypt_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgp6 +compatible +verbose=0 +batchmode -f"
# don't check for GnuPG decryption status codes
unset pgp_check_gpg_decrypt_status_fd
# create a pgp/mime signed attachment
set pgp_sign_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgp6 +compatible +verbose=0 +batchmode -abfst %?a? -u %a?"
......
......@@ -1382,8 +1382,12 @@ static void print_smime_keyinfo (const char* msg, gpgme_signature_t sig,
}
else
{
state_puts (_("KeyID "), s);
state_puts (sig->fpr, s);
if (sig->fpr == NULL)
state_puts (_("no signature fingerprint available"), s);
else {
state_puts (_("KeyID "), s);
state_puts (sig->fpr, s);
}
state_puts ("\n", s);
}
......
......@@ -2766,6 +2766,25 @@ attachments -I message/external-body
# (PGP only)
#
#
# set pgp_check_gpg_decrypt_status_fd=yes
#
# Name: pgp_check_gpg_decrypt_status_fd
# Type: boolean
# Default: yes
#
#
# If set, mutt will check the status file descriptor output
# of $pgp_decrypt_command and $pgp_decode_command for GnuPG status codes
# indicating successful decryption. This will check for the presence of
# DECRYPTION_OKAY, absence of DECRYPTION_FAILED, and that all
# PLAINTEXT occurs between the BEGIN_DECRYPTION and END_DECRYPTION
# status codes.
#
# If unset, mutt will instead match the status fd output
# against $pgp_decryption_okay.
# (PGP only)
#
#
# set pgp_clearsign_command=""
#
# Name: pgp_clearsign_command
......@@ -2837,6 +2856,9 @@ attachments -I message/external-body
# protect against a spoofed encrypted message, with multipart/encrypted
# headers but containing a block that is not actually encrypted.
# (e.g. simply signed and ascii armored text).
#
# Note that if $pgp_check_gpg_decrypt_status_fd is set, this variable
# is ignored.
# (PGP only)
#
#
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
This diff is collapsed.
......@@ -342,9 +342,9 @@ entries with this flag will be considered a handler for a MIME type
— all other entries will be ignored.
</p></dd><dt><span class="term">needsterminal</span></dt><dd><p>
Mutt uses this flag when viewing attachments with <a class="link" href="mimesupport.html#auto-view" title="4. MIME Autoview"><span class="command"><strong>auto_view</strong></span></a>, in order to
decide whether it should honor the setting of the <a class="link" href="reference.html#wait-key" title="3.359. wait_key">$wait_key</a> variable or not. When an attachment
decide whether it should honor the setting of the <a class="link" href="reference.html#wait-key" title="3.360. wait_key">$wait_key</a> variable or not. When an attachment
is viewed using an interactive program, and the corresponding mailcap
entry has a <span class="emphasis"><em>needsterminal</em></span> flag, Mutt will use <a class="link" href="reference.html#wait-key" title="3.359. wait_key">$wait_key</a> and the exit status of the program
entry has a <span class="emphasis"><em>needsterminal</em></span> flag, Mutt will use <a class="link" href="reference.html#wait-key" title="3.360. wait_key">$wait_key</a> and the exit status of the program
to decide if it will ask you to press a key after the external program
has exited. In all other situations it will not prompt you for a key.
</p></dd><dt><span class="term">compose=&lt;command&gt;</span></dt><dd><p>
......
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -47,7 +47,7 @@ Mutt uses many temporary files for viewing messages, verifying digital
signatures, etc. As long as being used, these files are visible by other
users and maybe even readable in case of misconfiguration. Also, a
different location for these files may be desired which can be changed
via the <a class="link" href="reference.html#tmpdir" title="3.343. tmpdir">$tmpdir</a> variable.
via the <a class="link" href="reference.html#tmpdir" title="3.344. tmpdir">$tmpdir</a> variable.
</p></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security-leaks"></a>3. Information Leaks</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a id="security-leaks-mid"></a>3.1. Message-Id: headers</h3></div></div></div><p>
Message-Id: headers contain a local part that is to be created in a
unique fashion. In order to do so, Mutt will <span class="quote"><span class="quote">leak</span></span> some
......
......@@ -34,13 +34,13 @@ message storage (Maildir and MH), Mutt's performance can be greatly
improved using <a class="link" href="optionalfeatures.html#header-caching" title="7.1. Header Caching">header caching</a>.
using a single database per folder.
</p></li><li class="listitem"><p>
Mutt provides the <a class="link" href="reference.html#read-inc" title="3.235. read_inc">$read_inc</a> and <a class="link" href="reference.html#write-inc" title="3.366. write_inc">$write_inc</a> variables to specify at which rate
Mutt provides the <a class="link" href="reference.html#read-inc" title="3.236. read_inc">$read_inc</a> and <a class="link" href="reference.html#write-inc" title="3.367. write_inc">$write_inc</a> variables to specify at which rate
to update progress counters. If these values are too low, Mutt may spend
more time on updating the progress counter than it spends on actually
reading/writing folders.
</p><p>
For example, when opening a maildir folder with a few thousand messages,
the default value for <a class="link" href="reference.html#read-inc" title="3.235. read_inc">$read_inc</a> may be
the default value for <a class="link" href="reference.html#read-inc" title="3.236. read_inc">$read_inc</a> may be
too low. It can be tuned on on a folder-basis using <a class="link" href="configuration.html#folder-hook" title="7. Setting Variables Based Upon Mailbox"><span class="command"><strong>folder-hook</strong></span>s</a>:
</p><pre class="screen">
<span class="comment"># use very high $read_inc to speed up reading hcache'd maildirs</span>
......@@ -54,7 +54,7 @@ greatly differ in size and certain operations are much faster than
others, even per-folder settings of the increment variables may not be
desirable as they produce either too few or too much progress updates.
Thus, Mutt allows to limit the number of progress updates per second
it'll actually send to the terminal using the <a class="link" href="reference.html#time-inc" title="3.341. time_inc">$time_inc</a> variable.
it'll actually send to the terminal using the <a class="link" href="reference.html#time-inc" title="3.342. time_inc">$time_inc</a> variable.
</p></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="tuning-messages"></a>2. Reading Messages from Remote Folders</h2></div></div></div><p>
Reading messages from remote folders such as IMAP an POP can be slow
especially for large mailboxes since Mutt only caches a very limited
......
......@@ -71,7 +71,7 @@ imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata, const char* method)
goto bail;
}
if ((len = mutt_from_base64 (obuf, idata->buf + 2)) == -1)
if ((len = mutt_from_base64 (obuf, idata->buf + 2, sizeof(obuf) - 1)) == -1)
{
dprint (1, (debugfile, "Error decoding base64 response.\n"));
goto bail;
......
......@@ -197,7 +197,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata, const char* method)
goto bail;
}
request_buf.length = mutt_from_base64 (buf2, idata->buf + 2);
request_buf.length = mutt_from_base64 (buf2, idata->buf + 2, sizeof(buf2));
request_buf.value = buf2;
sec_token = &request_buf;
......@@ -233,7 +233,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata, const char* method)
dprint (1, (debugfile, "Error receiving server response.\n"));
goto bail;
}
request_buf.length = mutt_from_base64 (buf2, idata->buf + 2);
request_buf.length = mutt_from_base64 (buf2, idata->buf + 2, sizeof(buf2));
request_buf.value = buf2;
maj_stat = gss_unwrap (&min_stat, context, &request_buf, &send_token,
......
......@@ -586,7 +586,7 @@ static int cmd_handle_untagged (IMAP_DATA* idata)
dprint (2, (debugfile, "Handling untagged NO\n"));
/* Display the warning message from the server */
mutt_error ("%s", s+3);
mutt_error ("%s", s+2);
mutt_sleep (2);
}
......@@ -842,13 +842,14 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s)
strfcpy (buf, "mailboxes \"", sizeof (buf));
mutt_account_tourl (&idata->conn->account, &url);
/* escape \ and " */
imap_quote_string(errstr, sizeof (errstr), list.name);
/* escape \ and ". Also escape ` because the resulting
* string will be passed to mutt_parse_rc_line. */
imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name);
url.path = errstr + 1;
url.path[strlen(url.path) - 1] = '\0';
if (!mutt_strcmp (url.user, ImapUser))
url.user = NULL;
url_ciss_tostring (&url, buf + 11, sizeof (buf) - 10, 0);
url_ciss_tostring (&url, buf + 11, sizeof (buf) - 11, 0);
safe_strcat (buf, sizeof (buf), "\"");
mutt_buffer_init (&token);
mutt_buffer_init (&err);
......@@ -968,6 +969,13 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
idata->status = IMAP_FATAL;
return;
}
if (strlen(idata->buf) < litlen)
{
dprint (1, (debugfile, "Error parsing STATUS mailbox\n"));
return;
}
mailbox = idata->buf;
s = mailbox + litlen;
*s = '\0';
......
......@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe)
char buf[LONG_STRING];
char mbox[LONG_STRING];
char errstr[STRING];
int mblen;
BUFFER err, token;
IMAP_MBOX mx;
......@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe)
mutt_buffer_init (&err);
err.data = errstr;
err.dsize = sizeof (errstr);
snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"",
subscribe ? "" : "un", path);
mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ",
subscribe ? "" : "un");
imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen,
path);
if (mutt_parse_rc_line (mbox, &token, &err))
dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr));
FREE (&token.data);
......
......@@ -301,7 +301,8 @@ char* imap_next_word (char* s);
time_t imap_parse_date (char* s);
void imap_make_date (char* buf, time_t timestamp);
void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path);
void imap_quote_string (char* dest, size_t slen, const char* src);
void imap_quote_string (char* dest, size_t dlen, const char* src);
void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src);
void imap_unquote_string (char* s);
void imap_munge_mbox_name (IMAP_DATA *idata, char *dest, size_t dlen, const char *src);
void imap_unmunge_mbox_name (IMAP_DATA *idata, char *s);
......
......@@ -1345,6 +1345,7 @@ static int msg_parse_fetch (IMAP_HEADER *h, char *s)
{
char tmp[SHORT_STRING];
char *ptmp;
size_t dlen;
if (!s)
return -1;
......@@ -1378,8 +1379,12 @@ static int msg_parse_fetch (IMAP_HEADER *h, char *s)
}
s++;
ptmp = tmp;
while (*s && *s != '\"')
dlen = sizeof(tmp) - 1;
while (*s && *s != '\"' && dlen)
{
*ptmp++ = *s++;
dlen--;
}
if (*s != '\"')
return -1;
s++; /* skip past the trailing " */
......@@ -1391,8 +1396,12 @@ static int msg_parse_fetch (IMAP_HEADER *h, char *s)
s += 11;
SKIPWS (s);
ptmp = tmp;
while (isdigit ((unsigned char) *s))
dlen = sizeof(tmp) - 1;
while (isdigit ((unsigned char) *s) && dlen)
{
*ptmp++ = *s++;
dlen--;
}
*ptmp = 0;
if (mutt_atol (tmp, &h->content_length) < 0)
return -1;
......
......@@ -84,6 +84,7 @@ header_cache_t* imap_hcache_open (IMAP_DATA* idata, const char* path)
ciss_url_t url;
char cachepath[LONG_STRING];
char mbox[LONG_STRING];
size_t len;
if (path)
imap_cachepath (idata, path, mbox, sizeof (mbox));
......@@ -96,6 +97,12 @@ header_cache_t* imap_hcache_open (IMAP_DATA* idata, const char* path)
FREE (&mx.mbox);
}
if (strstr(mbox, "/../") || (strcmp(mbox, "..") == 0) || (strncmp(mbox, "../", 3) == 0))
return NULL;
len = strlen(mbox);
if ((len > 3) && (strcmp(mbox + len - 3, "/..") == 0))
return NULL;
mutt_account_tourl (&idata->conn->account, &url);
url.path = mbox;
url_ciss_tostring (&url, cachepath, sizeof (cachepath), U_PATH);
......@@ -608,28 +615,35 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path)
}
/* imap_quote_string: quote string according to IMAP rules:
* surround string with quotes, escape " and \ with \ */
void imap_quote_string (char *dest, size_t dlen, const char *src)
static void _imap_quote_string (char *dest, size_t dlen, const char *src,
const char *to_quote)
{
static const char quote[] = "\"\\";
char *pt;
const char *s;
if (!(dest && dlen && src && to_quote))
return;
if (dlen < 3)
{
*dest = 0;
return;
}
pt = dest;
s = src;
*pt++ = '"';
/* save room for trailing quote-char */
dlen -= 2;
/* save room for pre/post quote-char and trailing null */
dlen -= 3;
*pt++ = '"';
for (; *s && dlen; s++)
{
if (strchr (quote, *s))
if (strchr (to_quote, *s))
{
if (dlen < 2)
break;
dlen -= 2;
if (!dlen)
break;
*pt++ = '\\';
*pt++ = *s;
}
......@@ -643,6 +657,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
*pt = 0;
}
/* imap_quote_string: quote string according to IMAP rules:
* surround string with quotes, escape " and \ with \ */
void imap_quote_string (char *dest, size_t dlen, const char *src)
{
_imap_quote_string (dest, dlen, src, "\"\\");
}
/* imap_quote_string_and_backquotes: quote string according to IMAP rules:
* surround string with quotes, escape " and \ with \.
* Additionally, escape backquotes with \ to protect against code injection
* when using the resulting string in mutt_parse_rc_line().
*/
void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src)
{
_imap_quote_string (dest, dlen, src, "\"\\`");
}
/* imap_unquote_string: equally stupid unquoting routine */
void imap_unquote_string (char *s)
{
......
......@@ -1941,6 +1941,20 @@ struct option_t MuttVars[] = {
** subprocess failed.
** (PGP only)
*/
{ "pgp_check_gpg_decrypt_status_fd", DT_BOOL, R_NONE, OPTPGPCHECKGPGDECRYPTSTATUSFD, 1 },
/*
** .pp
** If \fIset\fP, mutt will check the status file descriptor output
** of $$pgp_decrypt_command and $$pgp_decode_command for GnuPG status codes
** indicating successful decryption. This will check for the presence of
** DECRYPTION_OKAY, absence of DECRYPTION_FAILED, and that all
** PLAINTEXT occurs between the BEGIN_DECRYPTION and END_DECRYPTION
** status codes.