Merge pull request #6 from Zentyal/ejhernandez/fix-memory-leak-when-non-decoding-quoted-printable

Fix memory leak when failing to parse a quoted printable
papajulio committed Dec 1, 2014
2 parents 8ce09d9 + 4ed6877 commit 44c1e08
Showing 2 changed files with 231 additions and 30 deletions.
188 changes: 188 additions & 0 deletions ChangeLog
@@ -1,3 +1,191 @@
commit bb70653d820450507097230add9fa1fa13b2453c
Author: Ludovic Marcotte <[email protected]>
Date: Thu Nov 20 09:42:42 2014 -0500

Revert "Fix crash when decoding a = at end of the data"

This reverts commit 1544d178c4cf56ee8358f06475c4b3e45dddc11c.

M sope-core/NGExtensions/NGQuotedPrintableCoding.m

commit 67c58bfd91e859c9bf643cf20cc44ed2fe6e389f
Author: Ludovic Marcotte <[email protected]>
Date: Tue Nov 18 10:52:22 2014 -0500

Improved last commit after more Outlook's brain damange findings

M sope-core/NGExtensions/NGBase64Coding.m
M sope-mime/NGMime/NGMimePartGenerator.m

commit c959d950a64d45d679f8a59a82a3b499c05415f8
Author: Ludovic Marcotte <[email protected]>
Date: Tue Nov 18 09:06:37 2014 -0500

Disable original and broken padding.

M sope-core/NGExtensions/NGBase64Coding.m

commit 2c127ff4a7a448820c7b36b68918fce0c394c7d7
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 17 21:04:01 2014 -0500

Pad the output buffer to avoid Outlook corruption

M sope-core/NGExtensions/NGBase64Coding.m

commit 1544d178c4cf56ee8358f06475c4b3e45dddc11c
Author: Enrique J. Hernández Blasco <[email protected]>
Date: Fri Nov 14 11:37:04 2014 +0100

Fix crash when decoding a = at end of the data

In decoding a quoted printable mail. There is a buffer overflow
as we are always parsing two bytes instead of one.

See the full backtrace at:

https://gist.github.com/sixstone-qq/cb8099b66c2911e8aaf2

M sope-core/NGExtensions/NGQuotedPrintableCoding.m

commit ceae95aaa2400b339c1ed42650c5bc35b2170dff
Author: Ludovic Marcotte <[email protected]>
Date: Wed Nov 12 11:22:21 2014 -0500

Avoid failures on non-RHEL7 distros

M packaging/rhel/sope.spec

commit 31de3aac952b97c10b3fecbde5068673ee1538df
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 16:07:55 2014 -0500

Adjust the GNUstep makefiles path on EL7

M packaging/rhel/sope.spec

commit dd065c21ec420dbdbd486b9c57ccd33220eab123
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 15:38:24 2014 -0500

Cleaned up the file

M packaging/rhel/sope.spec

commit 7305bc339f72ba9790813ec66a8da53acaef4382
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 15:31:54 2014 -0500

Fixed spec file for EL7

M packaging/rhel/sope.spec

commit 19fbde18941a18037905086e46e20bb1f1c6206b
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 14:10:35 2014 -0500

Verbose logging

M packaging/rhel/sope.spec

commit 31aec7522fee85b7c164e0ffb49ab9cabe8303cd
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 14:02:05 2014 -0500

Fixed one more typo

M packaging/rhel/sope.spec

commit 6398402d19490a8f2ebf9c443adb3baa0b1df421
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 13:57:11 2014 -0500

Fixed typo

M packaging/rhel/sope.spec

commit 74a3367274565893a7d00753d38886b48ec3c096
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 13:51:33 2014 -0500

Improvements to spec file

M packaging/rhel/sope.spec

commit 7062f085c58b89daecb2b7db3ff782ebc4e47901
Author: Ludovic Marcotte <[email protected]>
Date: Mon Nov 10 13:40:08 2014 -0500

spec file improvements, disabled Oracle support for now

M packaging/rhel/sope.spec

commit 75995d361fb0e5da74c9e84f753bc2dca03270c9
Author: Wolfgang Sourdeau <[email protected]>
Date: Sat Feb 22 09:00:47 2014 -0500

WOCompountElement: the array of children was not properly allocated, leading to a buffer overflow

M sope-appserver/NGObjWeb/DynamicElements/WOCompoundElement.h
M sope-appserver/NGObjWeb/DynamicElements/WOCompoundElement.m

commit 9fe995c38d190f051acacdd5f2eeefc58b837f24
Author: Jeroen Dekkers <[email protected]>
Date: Mon Oct 13 11:49:54 2014 +0200

Add support for arm64

M sope-gdl1/GDLAccess/EOSQLQualifier.m
M sope-gdl1/GDLAccess/FoundationExt/PrintfFormatScanner.m

commit fb65ea6df85a76caaae3c480178d182c0cabe93c
Author: Ludovic Marcotte <[email protected]>
Date: Wed Oct 15 16:21:51 2014 -0400

Small fix on RHEL7

M packaging/rhel/sope.spec

commit e193644086d96e0f4ca7ce13c9ca4bc4ba0c7d08
Author: Ludovic Marcotte <[email protected]>
Date: Wed Oct 15 16:12:31 2014 -0400

Fixed unused dependancy

M packaging/rhel/sope.spec

commit bcffd9a6034ada60b20319e209cf4474b8f359f8
Author: Ludovic Marcotte <[email protected]>
Date: Wed Oct 15 16:03:52 2014 -0400

Disabled Oracle support on RHEL7

M packaging/rhel/sope.spec

commit 00a3dc5c059d0efeb5003f768aca3c1ded0b3e66
Author: Ludovic Marcotte <[email protected]>
Date: Wed Oct 15 15:50:29 2014 -0400

Initial work on RHEL 7

M packaging/rhel/sope.spec

commit cb31698b1b23a4a82cfa79a2e4f7b6c733c067ab
Author: Francis Lachapelle <[email protected]>
Date: Mon Oct 6 13:54:11 2014 -0400

Fix BrazilianPortuguese language mapping

M sope-appserver/NGObjWeb/Languages.plist

commit 34893bd565e91c24dbed6c371ce57615345de6fd
Author: Ludovic Marcotte <[email protected]>
Date: Fri Sep 26 14:34:25 2014 -0400

Update ChangeLog

M ChangeLog

commit 0ee64d0309ecc96a29d7c788e56246aec3606ad5
Author: Ludovic Marcotte <[email protected]>
Date: Mon Sep 15 15:46:45 2014 -0400
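
Review bot: The newest ChangeLog entry reverts 1544d17 ("Fix crash when decoding a = at end of the data"), whose message describes a buffer overflow in the quoted-printable decoder, and no newer entry in this hunk records a replacement fix. Since this merge touches the same file, sope-core/NGExtensions/NGQuotedPrintableCoding.m, please state in the merge description whether the trailing `=` case is handled elsewhere or is still open, so that the revert is not read as the issue being resolved.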
73 changes: 43 additions & 30 deletions sope-core/NGExtensions/NGQuotedPrintableCoding.m
Expand Up @@ -29,13 +29,13 @@ @implementation NSString(QuotedPrintableCoding)

- (NSString *)stringByDecodingQuotedPrintable {
NSData *data;

data = ([self length] > 0)
? [self dataUsingEncoding:NSASCIIStringEncoding]
: [NSData data];

data = [data dataByDecodingQuotedPrintable];

// TODO: should we default to some specific charset instead? (either
// Latin1 or UTF-8
// or the charset of the receiver?
Expand All @@ -44,14 +44,14 @@ - (NSString *)stringByDecodingQuotedPrintable {

- (NSString *)stringByEncodingQuotedPrintable {
NSData *data;

// TBD: which encoding to use?
data = ([self length] > 0)
? [self dataUsingEncoding:[NSString defaultCStringEncoding]]
: [NSData data];

data = [data dataByEncodingQuotedPrintable];

return [[[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding]
autorelease];
}
Expand All @@ -65,31 +65,40 @@ - (NSData *)dataByDecodingQuotedPrintable {
char *dest;
size_t destSize;
size_t resSize;

destSize = [self length];
dest = malloc(destSize * sizeof(char) + 2);

resSize =
resSize =
NGDecodeQuotedPrintableX([self bytes], [self length], dest, destSize, YES);

return ((int)resSize != -1)
? [NSData dataWithBytesNoCopy:dest length:resSize]
: nil;

if ((int)resSize == -1)
{
free(dest);
return nil;
}

return [NSData dataWithBytesNoCopy:dest length:resSize];
}

- (NSData *)dataByDecodingQuotedPrintableTransferEncoding {
char *dest;
size_t destSize;
size_t resSize;

destSize = [self length];
dest = malloc(destSize * sizeof(char) + 2);

resSize =
resSize =
NGDecodeQuotedPrintableX([self bytes], [self length], dest, destSize, NO);

return ((int)resSize != -1)
? [NSData dataWithBytesNoCopy:dest length:resSize]
: nil;

if ((int)resSize == -1)
{
free(dest);
return nil;
}

return [NSData dataWithBytesNoCopy:dest length:resSize];
}

- (NSData *)dataByEncodingQuotedPrintable {
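
Review bot: In both decode methods the result of `malloc(destSize * sizeof(char) + 2)` is handed to NGDecodeQuotedPrintableX without a NULL check, so an allocation failure can turn into a write through a null pointer; return nil when dest is NULL. The failure test `(int)resSize == -1` also narrows a size_t to int, while NGDecodeQuotedPrintableX is declared as returning int, so storing the result in an int and comparing it directly would be clearer. The two method bodies now differ only in the YES/NO argument and could share one helper that takes the flag, which would keep the free-on-error path in a single place.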
Expand All @@ -100,13 +109,17 @@ - (NSData *)dataByEncodingQuotedPrintable {

// length/64*3 should be plenty for soft newlines
desLen = (length + length/64) *3;
des = NGMallocAtomic(sizeof(char) * desLen);
des = malloc(sizeof(char) * desLen);

desLen = NGEncodeQuotedPrintable(bytes, length, des, desLen);

return (int)desLen != -1
? [NSData dataWithBytesNoCopy:des length:desLen]
: nil;
if ((int)desLen == -1)
{
free(des);
return nil;
}

return [NSData dataWithBytesNoCopy:des length:desLen];
}

@end /* NSData(QuotedPrintableCoding) */
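
Review bot: The switch from `NGMallocAtomic` to `malloc` for `des` is not mentioned in the commit message, yet the new `free(des)` on the error path depends on it; add a comment or a line in the message saying that the buffer must come from malloc because it is released with free() here. The malloc result is also used unchecked, and when length is 0 the expression `(length + length/64) *3` evaluates to 0, so the call becomes `malloc(0)`; an early return for an empty receiver would avoid relying on that behaviour.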
Expand Down Expand Up @@ -142,7 +155,7 @@ int NGDecodeQuotedPrintableX(const char *_src, unsigned _srcLen,

for (cnt = 0; ((cnt < _srcLen) && (destCnt < _destLen)); cnt++) {
if (_src[cnt] != '=') {
_dest[destCnt] =
_dest[destCnt] =
(_replaceUnderline && _src[cnt] == '_') ? 0x20 : _src[cnt];
destCnt++;
}
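
Review bot: Whitespace-only edits are mixed into the leak fix: the `_dest[destCnt] =` line here is removed and re-added with no visible difference. Please move the trailing-whitespace cleanup to its own commit so the functional change can be audited without the noise.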
Expand All @@ -152,7 +165,7 @@ int NGDecodeQuotedPrintableX(const char *_src, unsigned _srcLen,

cnt++; // skip '='
c1 = _src[cnt]; // first hex digit

if (c1 == '\r' || c1 == '\n') {
if (cnt < _srcLen && (_src[cnt + 1] == '\r' || _src[cnt + 1] == '\n' ))
cnt++;
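
Review bot: The guard in `if (cnt < _srcLen && (_src[cnt + 1] == '\r' || _src[cnt + 1] == '\n' ))` tests `cnt` but indexes `cnt + 1`, so when `cnt` is the last valid index the condition passes and `_src[_srcLen]` is read. The test should be `cnt + 1 < _srcLen`. This hunk changes only whitespace, but given that the ChangeLog in this same commit reverts the crash fix for a trailing `=`, the bounds handling in this block deserves a regression test with `=` as the last and as the second-to-last byte of the input.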
Expand All @@ -163,10 +176,10 @@ int NGDecodeQuotedPrintableX(const char *_src, unsigned _srcLen,
break;

c1 = __hexToChar(c1);

cnt++; // skip first hex digit
c2 = __hexToChar(_src[cnt]);

if ((c1 == -1) || (c2 == -1)) {
if ((_destLen - destCnt) > 1) {
_dest[destCnt] = _src[cnt - 1]; destCnt++;
Expand All @@ -181,7 +194,7 @@ int NGDecodeQuotedPrintableX(const char *_src, unsigned _srcLen,
destCnt++;
}
}
else
else
break;
}
}
Expand All @@ -204,7 +217,7 @@ int NGDecodeQuotedPrintable(const char *_src, unsigned _srcLen,
...
In this encoding, octets are to be represented as determined by the
following rules:
following rules:
(1) (General 8bit representation) Any octet, except a CR or
Expand Down Expand Up @@ -244,7 +257,7 @@ because some MTAs (Message Transport Agents, programs which transport
are known to remove "white space" characters from the end of a line.
Therefore, when decoding a Quoted-Printable body, any trailing white
space on a line must be deleted, as it will necessarily have been
added by intermediate transport agents.
added by intermediate transport agents.
(4) (Line Breaks) A line break in a text body, represented
Expand All @@ -269,7 +282,7 @@ represented by a (RFC 822) line break, which is also a
encoded line indicates such a non-significant ("soft")
line break in the encoded text.
*/
*/

int NGEncodeQuotedPrintable(const char *_src, unsigned _srcLen,
char *_dest, unsigned _destLen) {