|
|
d1e772 |
From 185152818541f5cdc059cbff3f3e8b654fc27c1d Mon Sep 17 00:00:00 2001
|
|
|
d1e772 |
From: Kevin McCarthy <kevin@8t8.us>
|
|
|
d1e772 |
Date: Sat, 7 Jul 2018 19:03:44 -0700
|
|
|
d1e772 |
Subject: [PATCH] Properly quote IMAP mailbox names when (un)subscribing.
|
|
|
d1e772 |
|
|
|
d1e772 |
When handling automatic subscription (via $imap_check_subscribed), or
|
|
|
d1e772 |
manual subscribe/unsubscribe commands, mutt generating a "mailboxes"
|
|
|
d1e772 |
command but failed to properly escape backquotes.
|
|
|
d1e772 |
|
|
|
d1e772 |
Thanks to Jeriko One for the detailed bug report and patch, which this
|
|
|
d1e772 |
commit is based upon.
|
|
|
d1e772 |
---
|
|
|
d1e772 |
imap/command.c | 5 +++--
|
|
|
d1e772 |
imap/imap.c | 7 +++++--
|
|
|
d1e772 |
imap/imap_private.h | 3 ++-
|
|
|
d1e772 |
imap/util.c | 25 ++++++++++++++++++++-----
|
|
|
d1e772 |
4 files changed, 30 insertions(+), 10 deletions(-)
|
|
|
d1e772 |
|
|
|
d1e772 |
diff --git a/imap/command.c b/imap/command.c
|
|
|
d1e772 |
index c8825981..c79d4f28 100644
|
|
|
d1e772 |
--- a/imap/command.c
|
|
|
d1e772 |
+++ b/imap/command.c
|
|
|
d1e772 |
@@ -842,8 +842,9 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s)
|
|
|
d1e772 |
|
|
|
d1e772 |
strfcpy (buf, "mailboxes \"", sizeof (buf));
|
|
|
d1e772 |
mutt_account_tourl (&idata->conn->account, &url;;
|
|
|
d1e772 |
- /* escape \ and " */
|
|
|
d1e772 |
- imap_quote_string(errstr, sizeof (errstr), list.name);
|
|
|
d1e772 |
+ /* escape \ and ". Also escape ` because the resulting
|
|
|
d1e772 |
+ * string will be passed to mutt_parse_rc_line. */
|
|
|
d1e772 |
+ imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name);
|
|
|
d1e772 |
url.path = errstr + 1;
|
|
|
d1e772 |
url.path[strlen(url.path) - 1] = '\0';
|
|
|
d1e772 |
if (!mutt_strcmp (url.user, ImapUser))
|
|
|
d1e772 |
diff --git a/imap/imap.c b/imap/imap.c
|
|
|
d1e772 |
index 668203b8..c3a8ffd0 100644
|
|
|
d1e772 |
--- a/imap/imap.c
|
|
|
d1e772 |
+++ b/imap/imap.c
|
|
|
d1e772 |
@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe)
|
|
|
d1e772 |
char buf[LONG_STRING];
|
|
|
d1e772 |
char mbox[LONG_STRING];
|
|
|
d1e772 |
char errstr[STRING];
|
|
|
d1e772 |
+ int mblen;
|
|
|
d1e772 |
BUFFER err, token;
|
|
|
d1e772 |
IMAP_MBOX mx;
|
|
|
d1e772 |
|
|
|
d1e772 |
@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe)
|
|
|
d1e772 |
memset (&token, 0, sizeof (token));
|
|
|
d1e772 |
err.data = errstr;
|
|
|
d1e772 |
err.dsize = sizeof (errstr);
|
|
|
d1e772 |
- snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"",
|
|
|
d1e772 |
- subscribe ? "" : "un", path);
|
|
|
d1e772 |
+ mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ",
|
|
|
d1e772 |
+ subscribe ? "" : "un");
|
|
|
d1e772 |
+ imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen,
|
|
|
d1e772 |
+ path);
|
|
|
d1e772 |
if (mutt_parse_rc_line (mbox, &token, &err))
|
|
|
d1e772 |
dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr));
|
|
|
d1e772 |
FREE (&token.data);
|
|
|
d1e772 |
diff --git a/imap/imap_private.h b/imap/imap_private.h
|
|
|
d1e772 |
index 312fbfe4..349c5a49 100644
|
|
|
d1e772 |
--- a/imap/imap_private.h
|
|
|
d1e772 |
+++ b/imap/imap_private.h
|
|
|
d1e772 |
@@ -301,7 +301,8 @@ char* imap_next_word (char* s);
|
|
|
d1e772 |
time_t imap_parse_date (char* s);
|
|
|
d1e772 |
void imap_make_date (char* buf, time_t timestamp);
|
|
|
d1e772 |
void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path);
|
|
|
d1e772 |
-void imap_quote_string (char* dest, size_t slen, const char* src);
|
|
|
d1e772 |
+void imap_quote_string (char* dest, size_t dlen, const char* src);
|
|
|
d1e772 |
+void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src);
|
|
|
d1e772 |
void imap_unquote_string (char* s);
|
|
|
d1e772 |
void imap_munge_mbox_name (char *dest, size_t dlen, const char *src);
|
|
|
d1e772 |
void imap_unmunge_mbox_name (char *s);
|
|
|
d1e772 |
diff --git a/imap/util.c b/imap/util.c
|
|
|
d1e772 |
index 914c93c3..3274a70c 100644
|
|
|
d1e772 |
--- a/imap/util.c
|
|
|
d1e772 |
+++ b/imap/util.c
|
|
|
d1e772 |
@@ -608,11 +608,10 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path)
|
|
|
d1e772 |
}
|
|
|
d1e772 |
|
|
|
d1e772 |
|
|
|
d1e772 |
-/* imap_quote_string: quote string according to IMAP rules:
|
|
|
d1e772 |
- * surround string with quotes, escape " and \ with \ */
|
|
|
d1e772 |
-void imap_quote_string (char *dest, size_t dlen, const char *src)
|
|
|
d1e772 |
+static void _imap_quote_string (char *dest, size_t dlen, const char *src,
|
|
|
d1e772 |
+ const char *to_quote)
|
|
|
d1e772 |
{
|
|
|
d1e772 |
- char quote[] = "\"\\", *pt;
|
|
|
d1e772 |
+ char *pt;
|
|
|
d1e772 |
const char *s;
|
|
|
d1e772 |
|
|
|
d1e772 |
pt = dest;
|
|
|
d1e772 |
@@ -625,7 +623,7 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
|
|
|
d1e772 |
|
|
|
d1e772 |
for (; *s && dlen; s++)
|
|
|
d1e772 |
{
|
|
|
d1e772 |
- if (strchr (quote, *s))
|
|
|
d1e772 |
+ if (strchr (to_quote, *s))
|
|
|
d1e772 |
{
|
|
|
d1e772 |
dlen -= 2;
|
|
|
d1e772 |
if (!dlen)
|
|
|
d1e772 |
@@ -643,6 +641,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
|
|
|
d1e772 |
*pt = 0;
|
|
|
d1e772 |
}
|
|
|
d1e772 |
|
|
|
d1e772 |
+/* imap_quote_string: quote string according to IMAP rules:
|
|
|
d1e772 |
+ * surround string with quotes, escape " and \ with \ */
|
|
|
d1e772 |
+void imap_quote_string (char *dest, size_t dlen, const char *src)
|
|
|
d1e772 |
+{
|
|
|
d1e772 |
+ _imap_quote_string (dest, dlen, src, "\"\\");
|
|
|
d1e772 |
+}
|
|
|
d1e772 |
+
|
|
|
d1e772 |
+/* imap_quote_string_and_backquotes: quote string according to IMAP rules:
|
|
|
d1e772 |
+ * surround string with quotes, escape " and \ with \.
|
|
|
d1e772 |
+ * Additionally, escape backquotes with \ to protect against code injection
|
|
|
d1e772 |
+ * when using the resulting string in mutt_parse_rc_line().
|
|
|
d1e772 |
+ */
|
|
|
d1e772 |
+void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src)
|
|
|
d1e772 |
+{
|
|
|
d1e772 |
+ _imap_quote_string (dest, dlen, src, "\"\\`");
|
|
|
d1e772 |
+}
|
|
|
d1e772 |
+
|
|
|
d1e772 |
/* imap_unquote_string: equally stupid unquoting routine */
|
|
|
d1e772 |
void imap_unquote_string (char *s)
|
|
|
d1e772 |
{
|
|
|
d1e772 |
--
|
|
|
d1e772 |
2.18.0
|
|
|
d1e772 |
|