Bug 3563

Summary: URL parser will read out of bounds when closing bracket is missing in get_url_part
Product: Claws Mail Reporter: Hanno Boeck <hanno>
Component: OtherAssignee: users
Status: RESOLVED FIXED    
Severity: normal    
Priority: P3    
Version: other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
patch / fix
none
minimal email sample triggering the bug
none
Address Sanitizer full debug output none

Description Hanno Boeck 2015-11-15 21:41:07 CET
Created attachment 1601 [details]
patch / fix

The URL parser code in mainwindow.c will read beyond the bounds of its input buffer if an URL which is missing a closing bracket is passed.

This can happen e.g. when the List-Archive header is broken (which currently seems to be the case with Google Groups due to a bug there).

See attached patch which should fix this. This was found with address sanitizer.

I'll also attach the address sanitizer error message and a minimal sample input mail that will trigger this bug.
Comment 1 Hanno Boeck 2015-11-15 21:42:24 CET
Created attachment 1602 [details]
minimal email sample triggering the bug
Comment 2 Hanno Boeck 2015-11-15 21:43:08 CET
Created attachment 1603 [details]
Address Sanitizer full debug output
Comment 3 users 2015-11-16 10:17:02 CET
Changes related to this bug have been committed.
Please check latest Git and update the bug accordingly.
You can also get the patch from:
http://git.claws-mail.org/

++ ChangeLog	2015-11-16 10:17:02.317616930 +0100
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=c7030e74363abe028f4369c0dfc3762829db7b34
Merge: e8971e4 8f65fc9
Author: Colin Leroy <colin@colino.net>
Date:   Mon Nov 16 10:17:01 2015 +0100

    Merge branch 'master' of file:///home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=8f65fc9f8be8d30ba67d8f4a64256e8645aa0dc1
Merge: 2a2a1bd 0314464
Author: Colin Leroy <colin@colino.net>
Date:   Mon Nov 16 10:17:24 2015 +0100

    Merge branch 'master' of ssh+git://git.claws-mail.org/home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=2a2a1bd7db0949e1763661b6098b31a6cd82f617
Author: Colin Leroy <colin@colino.net>
Date:   Mon Nov 16 10:04:16 2015 +0100

    Fix bug #3563 (URL parser will read out of bounds when closing bracket is missing in get_url_part)
    Patch by Hanno Boeck