Hi all, attached is a trivial patch which fixes the NULL-pointer deref in the pop3 code as reported in [1]. It occurs if a POP3 server does not add anything to the initial “+OK” greeting, which is very unusual, but perfectly legal according to RFC 1939.
The patch also includes the following changes which do not influence the code behaviour: - silence a bunch of Flexelint warnings in the siobuf code; - add missing execute permission to the libnetclient test echo server script. Cheers, Albrecht. [1] <https://gitlab.gnome.org/GNOME/balsa/issues/15> --- Patch details: - libnetclient/net-client-pop.c: make sure net_client_pop_read_reply() does not return a NULL server reply string on success (fix issue #15) - libnetclient/net-client-siobuf.c: silence a bunch of Flexelint warnings, no change in code behaviour - libnetclient/test/echoserver.py: add missing executable flag
diff --git a/libnetclient/net-client-pop.c b/libnetclient/net-client-pop.c
index 5967fdbff..ec96a88a6 100644
--- a/libnetclient/net-client-pop.c
+++ b/libnetclient/net-client-pop.c
@@ -426,8 +426,12 @@ net_client_pop_read_reply(NetClientPop *client, gchar **reply, GError **error)
result = net_client_read_line(NET_CLIENT(client), &reply_buf, error);
if (result) {
if (strncmp(reply_buf, "+OK", 3U) == 0) {
- if ((strlen(reply_buf) > 3U) && (reply != NULL)) {
- *reply = g_strdup(&reply_buf[4]);
+ if (reply != NULL) {
+ if (strlen(reply_buf) > 3U) {
+ *reply = g_strdup(&reply_buf[4]);
+ } else {
+ *reply = g_strdup("");
+ }
}
} else if (strncmp(reply_buf, "-ERR", 4U) == 0) {
if (strlen(reply_buf) > 4U) {
diff --git a/libnetclient/net-client-siobuf.c b/libnetclient/net-client-siobuf.c
index 48936a4f6..3b8dc70ac 100644
--- a/libnetclient/net-client-siobuf.c
+++ b/libnetclient/net-client-siobuf.c
@@ -74,6 +74,7 @@ net_client_siobuf_read(NetClientSioBuf *client, void *buffer, gsize count, GErro
gsize avail;
gsize chunk;
+ /*lint -e{737,946,947,9029} allowed exception according to MISRA Rules 18.2 and 18.3 */
avail = priv->buffer->len - (priv->read_ptr - priv->buffer->str);
if (avail > left) {
chunk = left;
@@ -119,6 +120,7 @@ net_client_siobuf_ungetc(NetClientSioBuf *client)
g_return_val_if_fail(NET_IS_CLIENT_SIOBUF(client), -1);
priv = client->priv;
+ /*lint -e{946} allowed exception according to MISRA Rules 18.2 and 18.3 */
if ((priv->buffer->len != 0U) && (priv->read_ptr > priv->buffer->str)) {
priv->read_ptr--;
retval = 0;
@@ -142,6 +144,7 @@ net_client_siobuf_gets(NetClientSioBuf *client, gchar *buffer, gsize buflen, GEr
gsize avail;
gsize chunk;
+ /*lint -e{737,946,947,9029} allowed exception according to MISRA Rules 18.2 and 18.3 */
avail = priv->buffer->len - (priv->read_ptr - priv->buffer->str);
if (avail > (buflen - 1U)) {
chunk = buflen - 1U;
@@ -163,7 +166,7 @@ net_client_siobuf_gets(NetClientSioBuf *client, gchar *buffer, gsize buflen, GEr
gchar *
net_client_siobuf_get_line(NetClientSioBuf *client, GError **error)
{
- NetClientSioBufPrivate *priv;
+ const NetClientSioBufPrivate *priv;
gchar *result;
g_return_val_if_fail(NET_IS_CLIENT_SIOBUF(client), NULL);
@@ -172,6 +175,7 @@ net_client_siobuf_get_line(NetClientSioBuf *client, GError **error)
if (net_client_siobuf_fill(client, error)) {
gsize avail;
+ /*lint -e{737,946,947,9029} allowed exception according to MISRA Rules 18.2 and 18.3 */
avail = priv->buffer->len - (priv->read_ptr - priv->buffer->str);
if (avail > 2U) {
result = g_strndup(priv->read_ptr, avail - 2U);
@@ -210,7 +214,7 @@ net_client_siobuf_write(NetClientSioBuf *client, const void *buffer, gsize count
{
g_return_if_fail(NET_IS_CLIENT_SIOBUF(client) && (buffer != NULL) && (count > 0U));
- g_string_append_len(client->priv->writebuf, (const gchar *) buffer, count);
+ (void) g_string_append_len(client->priv->writebuf, (const gchar *) buffer, (gssize) count);
}
@@ -230,16 +234,16 @@ net_client_siobuf_printf(NetClientSioBuf *client, const gchar *format, ...)
gboolean
net_client_siobuf_flush(NetClientSioBuf *client, GError **error)
{
- NetClientSioBufPrivate *priv;
+ const NetClientSioBufPrivate *priv;
gboolean result;
g_return_val_if_fail(NET_IS_CLIENT_SIOBUF(client), FALSE);
priv = client->priv;
if (priv->writebuf->len > 0U) {
- g_string_append(priv->writebuf, "\r\n");
+ (void) g_string_append(priv->writebuf, "\r\n");
result = net_client_write_buffer(NET_CLIENT(client), priv->writebuf->str, priv->writebuf->len, error);
- g_string_truncate(priv->writebuf, 0U);
+ (void) g_string_truncate(priv->writebuf, 0U);
} else {
result = FALSE;
}
@@ -277,8 +281,8 @@ net_client_siobuf_fill(NetClientSioBuf *client, GError **error)
result = net_client_read_line(NET_CLIENT(client), &read_buf, error);
if (result) {
- g_string_assign(priv->buffer, read_buf);
- g_string_append(priv->buffer, "\r\n");
+ (void) g_string_assign(priv->buffer, read_buf);
+ (void) g_string_append(priv->buffer, "\r\n");
priv->read_ptr = priv->buffer->str;
g_free(read_buf);
}
@@ -296,7 +300,7 @@ net_client_siobuf_finalise(GObject *object)
const NetClientSioBuf *client = NET_CLIENT_SIOBUF(object);
const GObjectClass *parent_class = G_OBJECT_CLASS(net_client_siobuf_parent_class);
- g_string_free(client->priv->buffer, TRUE);
- g_string_free(client->priv->writebuf, TRUE);
+ (void) g_string_free(client->priv->buffer, TRUE);
+ (void) g_string_free(client->priv->writebuf, TRUE);
(*parent_class->finalize)(object);
}
diff --git a/libnetclient/test/echoserver.py b/libnetclient/test/echoserver.py
old mode 100644
new mode 100755
pgpUtgLI4JrkV.pgp
Description: PGP signature
_______________________________________________ balsa-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/balsa-list
