fixed a buffer overflow bug.

git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@145 ee746299-78ed-0310-b773-934348b2243d

6 files changed, 58 insertions, 91 deletions

diff --git a/src/codeconv.c b/src/codeconv.c
index 36e158c0..0d494919 100644
--- a/src/codeconv.c
+++ b/src/codeconv.c
@@ -1541,54 +1541,46 @@ const gchar *conv_get_current_locale(void)
 	return cur_locale;
 }
 
-void conv_unmime_header_overwrite(gchar *str)
-{
-	gchar *buf;
-	gint buflen;
-
-	buflen = strlen(str) * 2 + 1;
-	Xalloca(buf, buflen, return);
-
-	if (conv_get_locale_charset() == C_EUC_JP)
-		conv_anytodisp(buf, buflen, str);
-	else
-		conv_localetodisp(buf, buflen, str);
-
-	unmime_header(str, buf);
-}
-
-void conv_unmime_header(gchar *outbuf, gint outlen, const gchar *str,
-			const gchar *default_encoding)
+gchar *conv_unmime_header(const gchar *str, const gchar *default_encoding)
 {
 	gchar *buf;
 	gint buflen;
+	gchar *utf8_buf;
 
 	if (is_ascii_str(str)) {
-		unmime_header(outbuf, str);
-		return;
+		buflen = strlen(str) * 6 + 1;
+		Xalloca(buf, buflen, return NULL);
+		unmime_header(buf, str);
+		return g_strdup(buf);
 	}
 
 	if (default_encoding) {
-		gchar *utf8_str;
-
-		utf8_str = conv_codeset_strdup
+		utf8_buf = conv_codeset_strdup
 			(str, default_encoding, CS_INTERNAL);
-		if (utf8_str) {
-			unmime_header(outbuf, utf8_str);
-			g_free(utf8_str);
-			return;
+		if (utf8_buf) {
+			buflen = strlen(utf8_buf) * 6 + 1;
+			Xalloca(buf, buflen,
+				{ g_free(utf8_buf); return NULL; });
+			unmime_header(buf, utf8_buf);
+			g_free(utf8_buf);
+			return g_strdup(buf);
 		}
 	}
 
-	buflen = strlen(str) * 2 + 1;
-	Xalloca(buf, buflen, return);
+	buflen = strlen(str) * 6 + 1;
+	Xalloca(utf8_buf, buflen, return NULL);
 
 	if (conv_get_locale_charset() == C_EUC_JP)
-		conv_anytodisp(buf, buflen, str);
+		conv_anytodisp(utf8_buf, buflen, str);
 	else
-		conv_localetodisp(buf, buflen, str);
+		conv_localetodisp(utf8_buf, buflen, str);
+
+	buflen = strlen(utf8_buf) * 6 + 1;
+	Xalloca(buf, buflen, return NULL);
+
+	unmime_header(buf, utf8_buf);
 
-	unmime_header(outbuf, buf);
+	return g_strdup(buf);
 }
 
 #define MAX_LINELEN		76
diff --git a/src/codeconv.h b/src/codeconv.h
index 89155d7a..e2b3edda 100644
--- a/src/codeconv.h
+++ b/src/codeconv.h
@@ -209,11 +209,8 @@ gboolean conv_is_multibyte_encoding		(CharSet	 encoding);
 
 const gchar *conv_get_current_locale		(void);
 
-void conv_unmime_header_overwrite	(gchar		*str);
-void conv_unmime_header			(gchar		*outbuf,
-					 gint		 outlen,
-					 const gchar	*str,
-					 const gchar	*charset);
+gchar *conv_unmime_header		(const gchar	*str,
+					 const gchar	*default_encoding);
 void conv_encode_header			(gchar		*dest,
 					 gint		 len,
 					 const gchar	*src,
diff --git a/src/compose.c b/src/compose.c
index eeed9483..f86d3274 100644
--- a/src/compose.c
+++ b/src/compose.c
@@ -1164,13 +1164,14 @@ static gint compose_parse_header(Compose *compose, MsgInfo *msginfo)
 	fclose(fp);
 
 	if (hentry[H_REPLY_TO].body != NULL) {
-		conv_unmime_header_overwrite(hentry[H_REPLY_TO].body);
-		compose->replyto = hentry[H_REPLY_TO].body;
+		compose->replyto =
+			conv_unmime_header(hentry[H_REPLY_TO].body, NULL);
+		g_free(hentry[H_REPLY_TO].body);
 		hentry[H_REPLY_TO].body = NULL;
 	}
 	if (hentry[H_CC].body != NULL) {
-		conv_unmime_header_overwrite(hentry[H_CC].body);
-		compose->cc = hentry[H_CC].body;
+		compose->cc = conv_unmime_header(hentry[H_CC].body, NULL);
+		g_free(hentry[H_CC].body);
 		hentry[H_CC].body = NULL;
 	}
 	if (hentry[H_REFERENCES].body != NULL) {
@@ -1184,11 +1185,10 @@ static gint compose_parse_header(Compose *compose, MsgInfo *msginfo)
 		hentry[H_REFERENCES].body = NULL;
 	}
 	if (hentry[H_BCC].body != NULL) {
-		if (compose->mode == COMPOSE_REEDIT) {
-			conv_unmime_header_overwrite(hentry[H_BCC].body);
-			compose->bcc = hentry[H_BCC].body;
-		} else
-			g_free(hentry[H_BCC].body);
+		if (compose->mode == COMPOSE_REEDIT)
+			compose->bcc =
+				conv_unmime_header(hentry[H_BCC].body, NULL);
+		g_free(hentry[H_BCC].body);
 		hentry[H_BCC].body = NULL;
 	}
 	if (hentry[H_NEWSGROUPS].body != NULL) {
@@ -1196,8 +1196,9 @@ static gint compose_parse_header(Compose *compose, MsgInfo *msginfo)
 		hentry[H_NEWSGROUPS].body = NULL;
 	}
 	if (hentry[H_FOLLOWUP_TO].body != NULL) {
-		conv_unmime_header_overwrite(hentry[H_FOLLOWUP_TO].body);
-		compose->followup_to = hentry[H_FOLLOWUP_TO].body;
+		compose->followup_to =
+			conv_unmime_header(hentry[H_FOLLOWUP_TO].body, NULL);
+		g_free(hentry[H_FOLLOWUP_TO].body);
 		hentry[H_FOLLOWUP_TO].body = NULL;
 	}
 	if (hentry[H_LIST_POST].body != NULL) {
diff --git a/src/news.c b/src/news.c
index 8d1622bb..c65f803c 100644
--- a/src/news.c
+++ b/src/news.c
@@ -911,7 +911,6 @@ static GSList *news_get_uncached_articles(NNTPSession *session,
 static MsgInfo *news_parse_xover(const gchar *xover_str)
 {
 	MsgInfo *msginfo;
-	gchar buf[NNTPBUFSIZE];
 	gchar *subject, *sender, *size, *line, *date, *msgid, *ref, *tmp;
 	gchar *p;
 	gint num, size_int, line_int;
@@ -944,12 +943,10 @@ static MsgInfo *news_parse_xover(const gchar *xover_str)
 	msginfo->date = g_strdup(date);
 	msginfo->date_t = procheader_date_parse(NULL, date, 0);
 
-	conv_unmime_header(buf, sizeof(buf), sender, NULL);
-	msginfo->from = g_strdup(buf);
-	msginfo->fromname = procheader_get_fromname(buf);
+	msginfo->from = conv_unmime_header(sender, NULL);
+	msginfo->fromname = procheader_get_fromname(msginfo->from);
 
-	conv_unmime_header(buf, sizeof(buf), subject, NULL);
-	msginfo->subject = g_strdup(buf);
+	msginfo->subject = conv_unmime_header(subject, NULL);
 
 	extract_parenthesis(msgid, '<', '>');
 	remove_space(msgid);
diff --git a/src/procheader.c b/src/procheader.c
index e76ad802..99acdd79 100644
--- a/src/procheader.c
+++ b/src/procheader.c
@@ -225,7 +225,7 @@ GSList *procheader_get_header_list_from_file(const gchar *file)
 
 GSList *procheader_get_header_list(FILE *fp)
 {
-	gchar buf[BUFFSIZE], tmp[BUFFSIZE];
+	gchar buf[BUFFSIZE];
 	gchar *p;
 	GSList *hlist = NULL;
 	Header *header;
@@ -240,8 +240,7 @@ GSList *procheader_get_header_list(FILE *fp)
 				header->name = g_strndup(buf, p - buf);
 				p++;
 				while (*p == ' ' || *p == '\t') p++;
-				conv_unmime_header(tmp, sizeof(tmp), p, NULL);
-				header->body = g_strdup(tmp);
+				header->body = conv_unmime_header(p, NULL);
 
 				hlist = g_slist_append(hlist, header);
 				break;
@@ -298,7 +297,7 @@ gint procheader_find_header_list(GSList *hlist, const gchar *header_name)
 
 GPtrArray *procheader_get_header_array(FILE *fp, const gchar *encoding)
 {
-	gchar buf[BUFFSIZE], tmp[BUFFSIZE];
+	gchar buf[BUFFSIZE];
 	gchar *p;
 	GPtrArray *headers;
 	Header *header;
@@ -315,9 +314,7 @@ GPtrArray *procheader_get_header_array(FILE *fp, const gchar *encoding)
 				header->name = g_strndup(buf, p - buf);
 				p++;
 				while (*p == ' ' || *p == '\t') p++;
-				conv_unmime_header(tmp, sizeof(tmp), p,
-						   encoding);
-				header->body = g_strdup(tmp);
+				header->body = conv_unmime_header(p, encoding);
 
 				g_ptr_array_add(headers, header);
 				break;
@@ -330,7 +327,7 @@ GPtrArray *procheader_get_header_array(FILE *fp, const gchar *encoding)
 
 GPtrArray *procheader_get_header_array_asis(FILE *fp, const gchar *encoding)
 {
-	gchar buf[BUFFSIZE], tmp[BUFFSIZE];
+	gchar buf[BUFFSIZE];
 	gchar *p;
 	GPtrArray *headers;
 	Header *header;
@@ -346,9 +343,7 @@ GPtrArray *procheader_get_header_array_asis(FILE *fp, const gchar *encoding)
 				header = g_new(Header, 1);
 				header->name = g_strndup(buf, p - buf);
 				p++;
-				conv_unmime_header(tmp, sizeof(tmp), p,
-						   encoding);
-				header->body = g_strdup(tmp);
+				header->body = conv_unmime_header(p, encoding);
 
 				g_ptr_array_add(headers, header);
 				break;
@@ -507,7 +502,7 @@ MsgInfo *procheader_parse_stream(FILE *fp, MsgFlags flags, gboolean full)
 					    {NULL,		NULL, FALSE}};
 
 	MsgInfo *msginfo;
-	gchar buf[BUFFSIZE], tmp[BUFFSIZE];
+	gchar buf[BUFFSIZE];
 	gchar *reference = NULL;
 	gchar *p;
 	gchar *hp;
@@ -614,24 +609,20 @@ MsgInfo *procheader_parse_stream(FILE *fp, MsgFlags flags, gboolean full)
 	}
 
 	if (from) {
-		conv_unmime_header(tmp, sizeof(tmp), from, charset);
-		msginfo->from = g_strdup(tmp);
-		msginfo->fromname = procheader_get_fromname(tmp);
+		msginfo->from = conv_unmime_header(from, charset);
+		msginfo->fromname = procheader_get_fromname(msginfo->from);
 		g_free(from);
 	}
 	if (to) {
-		conv_unmime_header(tmp, sizeof(tmp), to, charset);
-		msginfo->to = g_strdup(tmp);
+		msginfo->to = conv_unmime_header(to, charset);
 		g_free(to);
 	}
 	if (subject) {
-		conv_unmime_header(tmp, sizeof(tmp), subject, charset);
-		msginfo->subject = g_strdup(tmp);
+		msginfo->subject = conv_unmime_header(subject, charset);
 		g_free(subject);
 	}
 	if (cc) {
-		conv_unmime_header(tmp, sizeof(tmp), cc, charset);
-		msginfo->cc = g_strdup(tmp);
+		msginfo->cc = conv_unmime_header(cc, charset);
 		g_free(cc);
 	}
 
diff --git a/src/procmime.c b/src/procmime.c
index 39e5fde9..2a527774 100644
--- a/src/procmime.c
+++ b/src/procmime.c
@@ -403,15 +403,9 @@ void procmime_scan_content_type_str(const gchar *content_type,
 		if (*value) {
 			if (charset && !g_strcasecmp(attr, "charset"))
 				*charset = g_strdup(value);
-			else if (name && !g_strcasecmp(attr, "name")) {
-				gchar *tmp;
-				size_t len;
-
-				len = strlen(value) + 1;
-				Xalloca(tmp, len, return);
-				conv_unmime_header(tmp, len, value, NULL);
-				*name = g_strdup(tmp);
-			} else if (boundary && !g_strcasecmp(attr, "boundary"))
+			else if (name && !g_strcasecmp(attr, "name"))
+				*name = conv_unmime_header(value, NULL);
+			else if (boundary && !g_strcasecmp(attr, "boundary"))
 				*boundary = g_strdup(value);
 		}
 
@@ -457,14 +451,9 @@ void procmime_scan_content_disposition(MimeInfo *mimeinfo,
 
 		if (*value) {
 			if (!strcasecmp(attr, "filename")) {
-				gchar *tmp;
-				size_t len;
-
-				len = strlen(value) + 1;
-				Xalloca(tmp, len, return);
-				conv_unmime_header(tmp, len, value, NULL);
 				g_free(mimeinfo->filename);
-				mimeinfo->filename = g_strdup(tmp);
+				mimeinfo->filename =
+					conv_unmime_header(value, NULL);
 				break;
 			}
 		}