evolution/evolution-3.2.2-CVE-2011-3201.patch
Matthew Barnes b9461f095d CVE-2011-3201
2011-11-30 07:32:03 -06:00

56 lines
1.5 KiB
Diff

diff -up evolution-3.2.2/composer/e-msg-composer.c.CVE-2011-3201 evolution-3.2.2/composer/e-msg-composer.c
--- evolution-3.2.2/composer/e-msg-composer.c.CVE-2011-3201 2011-10-20 05:38:02.000000000 -0500
+++ evolution-3.2.2/composer/e-msg-composer.c 2011-11-30 07:30:00.504101491 -0600
@@ -4003,6 +4003,35 @@ merge_always_cc_and_bcc (EComposerHeader
e_destination_freev (addrv);
}
+static const gchar *blacklist[] = { ".", "etc", ".." };
+
+static gboolean
+file_is_blacklisted (const gchar *filename)
+{
+ gboolean blacklisted = FALSE;
+ guint ii, jj, n_parts;
+ gchar **parts;
+
+ parts = g_strsplit (filename, G_DIR_SEPARATOR_S, -1);
+ n_parts = g_strv_length (parts);
+
+ for (ii = 0; ii < G_N_ELEMENTS (blacklist); ii++) {
+ for (jj = 0; jj < n_parts; jj++) {
+ if (g_str_has_prefix (parts[jj], blacklist[ii])) {
+ blacklisted = TRUE;
+ break;
+ }
+ }
+ }
+
+ g_strfreev (parts);
+
+ if (blacklisted)
+ g_message ("Skipping suspicious attachment: %s", filename);
+
+ return blacklisted;
+}
+
static void
handle_mailto (EMsgComposer *composer,
const gchar *mailto)
@@ -4096,6 +4125,8 @@ handle_mailto (EMsgComposer *composer,
EAttachment *attachment;
camel_url_decode (content);
+ if (file_is_blacklisted (content))
+ goto next;
if (g_ascii_strncasecmp (content, "file:", 5) == 0)
attachment = e_attachment_new_for_uri (content);
else
@@ -4115,6 +4146,7 @@ handle_mailto (EMsgComposer *composer,
e_msg_composer_add_header (composer, header, content);
}
+next:
g_free (content);
p += clen;