changeset | c1d36f2575c7 |
---|---|
branch | default |
bookmark | |
tag | tip |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-imap: Fix "Don't accept strings with NULs" cherry-pick |
files | src/lib-imap/imap-parser.c |
changeset | d133ed304c89 |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-imap: Make sure str_unescape() won't be writing past allocated memory The previous commit should already prevent this, but this makes sure it can't become broken in the future either. It makes the performance a tiny bit worse, but that's not practically noticeable. |
files | src/lib-imap/imap-parser.c |
changeset | ae4659f289a9 |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-imap: Don't accept strings with NULs IMAP doesn't allow NULs except in binary literals. We'll still allow them in regular literals as well, but just not in strings. This fixes a bug with unescaping a string with NULs: str_unescape() could have been called for memory that points outside the allocated string, causing heap corruption. This could cause crashes or theoretically even result in remote code execution exploit. Found by Nick Roessler and Rafi Rubin |
files | src/lib-imap/imap-parser.c |
changeset | c6116e84af30 |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-http: Add http_client_request_add_missing_header() |
files | src/lib-http/http-client-request.c src/lib-http/http-client.h |
changeset | ddfa057027c5 |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-http: Add http_client_request_lookup_header() |
files | src/lib-http/http-client-request.c src/lib-http/http-client.h |
changeset | c3a83810cf5b |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-http: http_client_request_remove_header() - Don't crash if no headers are added Fixes a crash if http_client_request_add_header() hasn't been called before http_client_request_remove_header() |
files | src/lib-http/http-client-request.c |
changeset | 4ea1e4f22a7b |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-http: http_client_request_add_header() - Replace existing header If header with the same key already exists, just replace the value. HTTP supports having multiple headers with the same key only when they can be rewritten into a single comma-separated header. So practically there's no reason for lib-http to need to support adding multiple headers. Replacing an existing value is more useful generally. |
files | src/lib-http/http-client-request.c src/lib-http/http-client.h |
changeset | 727d9990373e |
---|---|
branch | |
bookmark | |
tag | |
user | Timo Sirainen <timo.sirainen@open-xchange.com> |
description | lib-http: http_client_request_remove_header() - split off header finding |
files | src/lib-http/http-client-request.c |
changeset | 7f2568b494ac |
---|---|
branch | |
bookmark | |
tag | |
user | Stephan Bosch <stephan.bosch@dovecot.fi> |
description | lib: str - Add str_replace(). |
files | src/lib/str.h |
changeset | d7ad84cec527 |
---|---|
branch | |
bookmark | |
tag | |
user | Stephan Bosch <stephan.bosch@dovecot.fi> |
description | lib: buffer - Add buffer_replace(). |
files | src/lib/buffer.c src/lib/buffer.h src/lib/test-buffer.c |