125 lines
4.2 KiB
Diff
125 lines
4.2 KiB
Diff
|
From 5d937a51725609adcfba2c663ca4c1fe65974a55 Mon Sep 17 00:00:00 2001
|
||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||
|
Date: Mon, 17 Sep 2018 17:15:28 +0200
|
||
|
Subject: [PATCH 3/5] vcc.y - fix infinite loop with non-hex digits
|
||
|
References: https://github.com/libical/libical/pull/354
|
||
|
|
||
|
When nonsensical characters are used in a QP character,
|
||
|
an infinite loop would occur in the vcard parser.
|
||
|
|
||
|
"N;ENCODING=QUOTED-PRINTABLE:=c3=g4\n"
|
||
|
|
||
|
References: #353
|
||
|
---
|
||
|
src/libicalvcal/vcc.c | 38 ++++++++++++++++----------------------
|
||
|
src/libicalvcal/vcc.y | 38 ++++++++++++++++----------------------
|
||
|
2 files changed, 32 insertions(+), 44 deletions(-)
|
||
|
|
||
|
diff --git a/src/libicalvcal/vcc.c b/src/libicalvcal/vcc.c
|
||
|
index 29354df4..f723a4e1 100644
|
||
|
--- a/src/libicalvcal/vcc.c
|
||
|
+++ b/src/libicalvcal/vcc.c
|
||
|
@@ -1146,31 +1146,25 @@ static char* lexGetQuotedPrintable()
|
||
|
cur = lexGetc();
|
||
|
switch (cur) {
|
||
|
case '=': {
|
||
|
- int c = 0;
|
||
|
- int next[2];
|
||
|
- int i;
|
||
|
- for (i = 0; i < 2; i++) {
|
||
|
- next[i] = hexdigit_decode(lexGetc());
|
||
|
- if (next[i] < 0)
|
||
|
- break;
|
||
|
+ int c = 0, d;
|
||
|
+ cur = lexGetc();
|
||
|
+ if (cur == '\n') {
|
||
|
+ ++mime_lineNum;
|
||
|
+ break;
|
||
|
}
|
||
|
- if (i == 0) {
|
||
|
- /* single '=' follow by LINESEP is continuation sign? */
|
||
|
- if (next[0] == '\n') {
|
||
|
- ++mime_lineNum;
|
||
|
- }
|
||
|
- else {
|
||
|
- lexPushLookaheadc('=');
|
||
|
- goto EndString;
|
||
|
- }
|
||
|
+ d = hexdigit_decode(cur);
|
||
|
+ if (d < 0) {
|
||
|
+ lexAppendc(cur);
|
||
|
+ break;
|
||
|
}
|
||
|
- else if (i == 1) {
|
||
|
- lexPushLookaheadc(next[1]);
|
||
|
- lexPushLookaheadc(next[0]);
|
||
|
- lexAppendc('=');
|
||
|
- } else {
|
||
|
- lexAppendc(c);
|
||
|
+ c = d << 4;
|
||
|
+ cur = lexGetc();
|
||
|
+ d = hexdigit_decode(cur);
|
||
|
+ if (d < 0) {
|
||
|
+ lexAppendc(cur);
|
||
|
+ break;
|
||
|
}
|
||
|
+ lexAppendc(c | d);
|
||
|
break;
|
||
|
} /* '=' */
|
||
|
case '\n': {
|
||
|
diff --git a/src/libicalvcal/vcc.y b/src/libicalvcal/vcc.y
|
||
|
index a052e9a2..4f52fe35 100644
|
||
|
--- a/src/libicalvcal/vcc.y
|
||
|
+++ b/src/libicalvcal/vcc.y
|
||
|
@@ -967,31 +967,25 @@ static char* lexGetQuotedPrintable()
|
||
|
cur = lexGetc();
|
||
|
switch (cur) {
|
||
|
case '=': {
|
||
|
- int c = 0;
|
||
|
- int next[2];
|
||
|
- int i;
|
||
|
- for (i = 0; i < 2; i++) {
|
||
|
- next[i] = hexdigit_decode(lexGetc());
|
||
|
- if (next[i] < 0)
|
||
|
- break;
|
||
|
+ int c = 0, d;
|
||
|
+ cur = lexGetc();
|
||
|
+ if (cur == '\n') {
|
||
|
+ ++mime_lineNum;
|
||
|
+ break;
|
||
|
}
|
||
|
- if (i == 0) {
|
||
|
- /* single '=' follow by LINESEP is continuation sign? */
|
||
|
- if (next[0] == '\n') {
|
||
|
- ++mime_lineNum;
|
||
|
- }
|
||
|
- else {
|
||
|
- lexPushLookaheadc('=');
|
||
|
- goto EndString;
|
||
|
- }
|
||
|
+ d = hexdigit_decode(cur);
|
||
|
+ if (d < 0) {
|
||
|
+ lexAppendc(cur);
|
||
|
+ break;
|
||
|
}
|
||
|
- else if (i == 1) {
|
||
|
- lexPushLookaheadc(next[1]);
|
||
|
- lexPushLookaheadc(next[0]);
|
||
|
- lexAppendc('=');
|
||
|
- } else {
|
||
|
- lexAppendc(c);
|
||
|
+ c = d << 4;
|
||
|
+ cur = lexGetc();
|
||
|
+ d = hexdigit_decode(cur);
|
||
|
+ if (d < 0) {
|
||
|
+ lexAppendc(cur);
|
||
|
+ break;
|
||
|
}
|
||
|
+ lexAppendc(c | d);
|
||
|
break;
|
||
|
} /* '=' */
|
||
|
case '\n': {
|
||
|
--
|
||
|
2.19.1
|
||
|
|