Bug 3563 - URL parser will read out of bounds when closing bracket is missing in get_url_part
Status: RESOLVED FIXED
Product: Claws Mail
Classification: Unclassified
Component: Other
Version: other
Hardware: PC Linux
Importance: P3 normal
Assigned To: users
Reported: 2015-11-15 21:41 CET by Hanno Boeck
Modified: 2015-11-16 10:25 CET (History)
Attachments
patch / fix (341 bytes, patch)
2015-11-15 21:41 CET, Hanno Boeck
minimal email sample triggering the bug (16 bytes, text/plain)
2015-11-15 21:42 CET, Hanno Boeck
Address Sanitizer full debug output (4.34 KB, text/plain)
2015-11-15 21:43 CET, Hanno Boeck

Description Hanno Boeck 2015-11-15 21:41:07 CET
Created attachment 1601 [details]
patch / fix

The URL parser code in mainwindow.c will read beyond the bounds of its input buffer if a URL which is missing a closing bracket is passed.

This can happen e.g. when the List-Archive header is broken (which currently seems to be the case with Google Groups due to a bug there).

See attached patch which should fix this. This was found with address sanitizer.

I'll also attach the address sanitizer error message and a minimal sample input mail that will trigger this bug.
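The bug class described above, as an added illustration that is not the Claws Mail source or the attached patch (neither is reproduced on this page): a scan for the closing bracket that never checks for the end of the string, next to a version that rejects a header value with no closing bracket. The function names, buffer sizes and sample header values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative only: hypothetical helpers, not the Claws Mail code. */

/* Unsafe pattern: assumes a '>' always follows. With a value such as
 * "<http://lists.example.invalid/a" the loop walks past the NUL. */
size_t bracket_len_unsafe(const char *p)
{
    size_t n = 0;
    while (p[n] != '>')         /* no check for '\0' */
        n++;
    return n;
}

/* Hardened: copy the text between '<' and '>' into out.
 * Returns 0 on success, -1 if a bracket is missing or out is too small. */
int extract_bracketed_url(const char *hdr, char *out, size_t outsz)
{
    const char *start, *end;
    size_t len;

    if (hdr == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    start = strchr(hdr, '<');
    if (start == NULL)
        return -1;
    start++;
    end = strchr(start, '>');   /* strchr stops at the NUL terminator */
    if (end == NULL)
        return -1;              /* malformed value: reject, do not scan on */
    len = (size_t)(end - start);
    if (len >= outsz)
        return -1;              /* would not fit with its terminator */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char url[128];
    /* Constructed sample List-Archive values */
    const char *good = "<http://lists.example.invalid/archive/>";
    const char *bad = "<http://lists.example.invalid/archive/";
    printf("good: %d (%s)\n", extract_bracketed_url(good, url, sizeof url), url);
    printf("bad:  %d\n", extract_bracketed_url(bad, url, sizeof url));
    return 0;
}
```

Building a parser like this with `-fsanitize=address` and feeding it the truncated value is how a read past the buffer of this kind surfaces as a report rather than as silent misbehaviour.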
Comment 1 Hanno Boeck 2015-11-15 21:42:24 CET
Created attachment 1602 [details]
minimal email sample triggering the bug
Comment 2 Hanno Boeck 2015-11-15 21:43:08 CET
Created attachment 1603 [details]
Address Sanitizer full debug output
Comment 3 users 2015-11-16 10:17:02 CET
Changes related to this bug have been committed.
Please check latest Git and update the bug accordingly.
You can also get the patch from:
http://git.claws-mail.org/

++ ChangeLog	2015-11-16 10:17:02.317616930 +0100
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=c7030e74363abe028f4369c0dfc3762829db7b34
Merge: e8971e4 8f65fc9
Author: Colin Leroy <colin@colino.net>
Date:   Mon Nov 16 10:17:01 2015 +0100

    Merge branch 'master' of file:///home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=8f65fc9f8be8d30ba67d8f4a64256e8645aa0dc1
Merge: 2a2a1bd 0314464
Author: Colin Leroy <colin@colino.net>
Date:   Mon Nov 16 10:17:24 2015 +0100

    Merge branch 'master' of ssh+git://git.claws-mail.org/home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=2a2a1bd7db0949e1763661b6098b31a6cd82f617
Author: Colin Leroy <colin@colino.net>
Date:   Mon Nov 16 10:04:16 2015 +0100

    Fix bug #3563 (URL parser will read out of bounds when closing bracket is missing in get_url_part)
    Patch by Hanno Boeck