diff -up evolution-3.0.3/composer/e-msg-composer.c.CVE-2011-3201 evolution-3.0.3/composer/e-msg-composer.c
|
|
--- evolution-3.0.3/composer/e-msg-composer.c.CVE-2011-3201 2011-07-15 02:42:06.000000000 -0500
|
|
+++ evolution-3.0.3/composer/e-msg-composer.c 2011-11-30 07:32:33.485560137 -0600
|
|
@@ -3893,6 +3893,35 @@ add_recipients (GList *list, const gchar
|
|
return list;
|
|
}
|
|
|
|
+static const gchar *blacklist[] = { ".", "etc", ".." };
|
|
+
|
|
+static gboolean
|
|
+file_is_blacklisted (const gchar *filename)
|
|
+{
|
|
+ gboolean blacklisted = FALSE;
|
|
+ guint ii, jj, n_parts;
|
|
+ gchar **parts;
|
|
+
|
|
+ parts = g_strsplit (filename, G_DIR_SEPARATOR_S, -1);
|
|
+ n_parts = g_strv_length (parts);
|
|
+
|
|
+ for (ii = 0; ii < G_N_ELEMENTS (blacklist); ii++) {
|
|
+ for (jj = 0; jj < n_parts; jj++) {
|
|
+ if (g_str_has_prefix (parts[jj], blacklist[ii])) {
|
|
+ blacklisted = TRUE;
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ g_strfreev (parts);
|
|
+
|
|
+ if (blacklisted)
|
|
+ g_message ("Skipping suspicious attachment: %s", filename);
|
|
+
|
|
+ return blacklisted;
|
|
+}
|
|
+
|
|
static void
|
|
handle_mailto (EMsgComposer *composer, const gchar *mailto)
|
|
{
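Review bot: `file_is_blacklisted` is a denylist built from three literal prefixes (".", "etc", ".."), so by construction it only rejects the path components it happens to name; anything not covered by those three strings is still attachable, and the prefix match is also over-broad (a component such as `etcetera.txt` or any legitimate dotfile is rejected). A header comment should state that contract so later maintainers do not read it as a complete check: `/* Heuristic denylist for mailto: attachment paths: rejects any path component that starts with ".", "etc" or "..". Incomplete by design; callers should still confirm attachments with the user. */`. The inner `break` only leaves the `jj` loop, so the outer `ii` loop keeps scanning after a match; adding `if (blacklisted) break;` after the inner loop (or a single combined test) makes the early exit explicit. The `g_message` call also logs the full decoded path, which may be worth toning down if logs are shared, though that is a judgement call.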
|
|
@@ -3985,6 +4014,8 @@ handle_mailto (EMsgComposer *composer, c
|
|
EAttachment *attachment;
|
|
|
|
camel_url_decode (content);
|
|
+ if (file_is_blacklisted (content))
|
|
+ goto next;
|
|
if (g_ascii_strncasecmp (content, "file:", 5) == 0)
|
|
attachment = e_attachment_new_for_uri (content);
|
|
else
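Review bot: The new `goto next` silently drops the attachment; the only trace is the `g_message` emitted inside `file_is_blacklisted`, so a user who attached a legitimate dotfile via a mailto: link gets no indication why it vanished. Consider a user-visible warning at this point or at least a comment, e.g. `/* Skip paths that look like system or hidden files; the user is not told. */`, so the silent drop is documented. The check also runs on `content` before the `file:` prefix test, so it applies to both the URI and the plain-path branch, which seems intended but is worth stating. The enclosing `handle_mailto` begins and ends outside this hunk.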
|
|
@@ -4004,6 +4035,7 @@ handle_mailto (EMsgComposer *composer, c
|
|
e_msg_composer_add_header (composer, header, content);
|
|
}
|
|
|
|
+next:
|
|
g_free (content);
|
|
|
|
p += clen;
|