Skipped 2 existing revision(s) on branch '1.4'.
commit 4b185e35fe2e274346ff7c3f7a44c4b131bb0285
Merge: 594e60b d55ced0
Author: Oswald Buddenhagen <o...@users.sf.net>
Date: Sun Feb 21 21:26:54 2021 +0100
Merge branch '1.3' into 1.4
Conflicts:
configure.ac
src/drv_imap.c
src/drv_imap.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --cc src/drv_imap.c
index e6e4b26,fbe2fed..f18500d
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@@ -1378,9 -1258,8 +1378,9 @@@ static in
parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED )
{
string_list_t *narg;
- char *arg;
+ char *arg, c;
- int argl, l;
+ int argl;
+ uint l;
if (!is_atom( list )) {
error( "IMAP error: malformed LIST response\n" );
@@@ -1417,13 -1298,43 +1417,41 @@@
memcpy( arg, "INBOX", 5 );
}
if (argl >= 5 && !memcmp( arg + argl - 5, ".lock", 5 )) /* workaround
broken servers */
- goto skip;
+ return LIST_OK;
if (map_name( arg, (char **)&narg, offsetof(string_list_t, string),
ctx->delimiter, "/") < 0) {
warn( "IMAP warning: ignoring mailbox %s (reserved character
'/' in name)\n", arg );
- goto skip;
+ return LIST_OK;
}
+ // Validate the normalized name. Technically speaking, we could tolerate
+ // '//' and '/./', and '/../' being forbidden is a limitation of the
Maildir
+ // driver, but there isn't really a legitimate reason for these being
present.
+ for (const char *p = narg->string, *sp = p;;) {
+ if (!(c = *p) || c == '/') {
+ uint pcl = (uint)(p - sp);
+ if (!pcl) {
+ error( "IMAP warning: ignoring mailbox '%s' due
to empty name component\n", narg->string );
+ free( narg );
- goto skip;
++ return LIST_OK;
+ }
+ if (pcl == 1 && sp[0] == '.') {
+ error( "IMAP warning: ignoring mailbox '%s' due
to '.' component\n", narg->string );
+ free( narg );
- goto skip;
++ return LIST_OK;
+ }
+ if (pcl == 2 && sp[0] == '.' && sp[1] == '.') {
+ error( "IMAP error: LIST'd mailbox name '%s'
contains '..' component - THIS MIGHT BE AN ATTEMPT TO HACK YOU!\n",
narg->string );
+ free( narg );
- goto listbad;
++ return LIST_BAD;
+ }
+ if (!c)
+ break;
+ sp = ++p;
+ } else {
+ ++p;
+ }
+ }
narg->next = ctx->boxes;
ctx->boxes = narg;
- skip:
- free_list( list );
return LIST_OK;
}
===== Full diff against 1st parent =====
diff --git a/src/drv_imap.c b/src/drv_imap.c
index e6e4b26..f18500d 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1378,7 +1378,7 @@ static int
parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED )
{
string_list_t *narg;
- char *arg;
+ char *arg, c;
int argl;
uint l;
@@ -1422,6 +1422,34 @@ parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char
*cmd ATTR_UNUSED )
warn( "IMAP warning: ignoring mailbox %s (reserved character
'/' in name)\n", arg );
return LIST_OK;
}
+ // Validate the normalized name. Technically speaking, we could tolerate
+ // '//' and '/./', and '/../' being forbidden is a limitation of the
Maildir
+ // driver, but there isn't really a legitimate reason for these being
present.
+ for (const char *p = narg->string, *sp = p;;) {
+ if (!(c = *p) || c == '/') {
+ uint pcl = (uint)(p - sp);
+ if (!pcl) {
+ error( "IMAP warning: ignoring mailbox '%s' due
to empty name component\n", narg->string );
+ free( narg );
+ return LIST_OK;
+ }
+ if (pcl == 1 && sp[0] == '.') {
+ error( "IMAP warning: ignoring mailbox '%s' due
to '.' component\n", narg->string );
+ free( narg );
+ return LIST_OK;
+ }
+ if (pcl == 2 && sp[0] == '.' && sp[1] == '.') {
+ error( "IMAP error: LIST'd mailbox name '%s'
contains '..' component - THIS MIGHT BE AN ATTEMPT TO HACK YOU!\n",
narg->string );
+ free( narg );
+ return LIST_BAD;
+ }
+ if (!c)
+ break;
+ sp = ++p;
+ } else {
+ ++p;
+ }
+ }
narg->next = ctx->boxes;
ctx->boxes = narg;
return LIST_OK;
_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
