SLFO-pool/libical
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
05837ef9ea
libical/0003-vcc.y-fix-infinite-loop-with-non-hex-digits.patch

125 lines
4.2 KiB
Diff
Raw Blame History

From 5d937a51725609adcfba2c663ca4c1fe65974a55 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 17 Sep 2018 17:15:28 +0200
Subject: [PATCH 3/5] vcc.y - fix infinite loop with non-hex digits
References: https://github.com/libical/libical/pull/354
When nonsensical characters are used in a QP character,
an infinite loop would occur in the vcard parser.
"N;ENCODING=QUOTED-PRINTABLE:=c3=g4\n"
References: #353
---
src/libicalvcal/vcc.c | 38 ++++++++++++++++----------------------
src/libicalvcal/vcc.y | 38 ++++++++++++++++----------------------
2 files changed, 32 insertions(+), 44 deletions(-)
diff --git a/src/libicalvcal/vcc.c b/src/libicalvcal/vcc.c
index 29354df4..f723a4e1 100644
--- a/src/libicalvcal/vcc.c
+++ b/src/libicalvcal/vcc.c
@@ -1146,31 +1146,25 @@ static char* lexGetQuotedPrintable()
cur = lexGetc();
switch (cur) {
case '=': {
- int c = 0;
- int next[2];
- int i;
- for (i = 0; i < 2; i++) {
- next[i] = hexdigit_decode(lexGetc());
- if (next[i] < 0)
- break;
+ int c = 0, d;
+ cur = lexGetc();
+ if (cur == '\n') {
+ ++mime_lineNum;
+ break;
}
- if (i == 0) {
- /* single '=' follow by LINESEP is continuation sign? */
- if (next[0] == '\n') {
- ++mime_lineNum;
- }
- else {
- lexPushLookaheadc('=');
- goto EndString;
- }
+ d = hexdigit_decode(cur);
+ if (d < 0) {
+ lexAppendc(cur);
+ break;
}
- else if (i == 1) {
- lexPushLookaheadc(next[1]);
- lexPushLookaheadc(next[0]);
- lexAppendc('=');
- } else {
- lexAppendc(c);
+ c = d << 4;
+ cur = lexGetc();
+ d = hexdigit_decode(cur);
+ if (d < 0) {
+ lexAppendc(cur);
+ break;
}
+ lexAppendc(c | d);
break;
} /* '=' */
case '\n': {
diff --git a/src/libicalvcal/vcc.y b/src/libicalvcal/vcc.y
index a052e9a2..4f52fe35 100644
--- a/src/libicalvcal/vcc.y
+++ b/src/libicalvcal/vcc.y
@@ -967,31 +967,25 @@ static char* lexGetQuotedPrintable()
cur = lexGetc();
switch (cur) {
case '=': {
- int c = 0;
- int next[2];
- int i;
- for (i = 0; i < 2; i++) {
- next[i] = hexdigit_decode(lexGetc());
- if (next[i] < 0)
- break;
+ int c = 0, d;
+ cur = lexGetc();
+ if (cur == '\n') {
+ ++mime_lineNum;
+ break;
}
- if (i == 0) {
- /* single '=' follow by LINESEP is continuation sign? */
- if (next[0] == '\n') {
- ++mime_lineNum;
- }
- else {
- lexPushLookaheadc('=');
- goto EndString;
- }
+ d = hexdigit_decode(cur);
+ if (d < 0) {
+ lexAppendc(cur);
+ break;
}
- else if (i == 1) {
- lexPushLookaheadc(next[1]);
- lexPushLookaheadc(next[0]);
- lexAppendc('=');
- } else {
- lexAppendc(c);
+ c = d << 4;
+ cur = lexGetc();
+ d = hexdigit_decode(cur);
+ if (d < 0) {
+ lexAppendc(cur);
+ break;
}
+ lexAppendc(c | d);
break;
} /* '=' */
case '\n': {
--
2.19.1
Reference in New Issue View Git Blame Copy Permalink