Commit 18515281 authored by Kevin J. McCarthy's avatar Kevin J. McCarthy

Properly quote IMAP mailbox names when (un)subscribing.

When handling automatic subscription (via $imap_check_subscribed), or
manual subscribe/unsubscribe commands, mutt was generating a "mailboxes"
command but failed to properly escape backquotes.

Thanks to Jeriko One for the detailed bug report and patch, which this
commit is based upon.
parent df4affd1
......@@ -842,8 +842,9 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s)
strfcpy (buf, "mailboxes \"", sizeof (buf));
mutt_account_tourl (&idata->conn->account, &url);
/* escape \ and " */
imap_quote_string(errstr, sizeof (errstr), list.name);
/* escape \ and ". Also escape ` because the resulting
* string will be passed to mutt_parse_rc_line. */
imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name);
url.path = errstr + 1;
url.path[strlen(url.path) - 1] = '\0';
if (!mutt_strcmp (url.user, ImapUser))
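Review bot: The escaping added in cmd_parse_lsub is a deny-list of three characters, while `list.name` presumably comes from the server's LSUB response and the result is handed to `mutt_parse_rc_line`, as the new comment says. It is worth confirming that the rc-line tokenizer treats no other character specially inside a double-quoted token (variable expansion, for instance). If it does, that character belongs in the escape set too, or the mailbox could be registered through a direct function call that bypasses the rc parser. Separately, `errstr` is reused as the buffer for the quoted name, so a comment such as `/* errstr doubles as scratch space for the quoted mailbox name */` would help. The function body starts and ends outside this hunk.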
......
......@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe)
char buf[LONG_STRING];
char mbox[LONG_STRING];
char errstr[STRING];
int mblen;
BUFFER err, token;
IMAP_MBOX mx;
......@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe)
mutt_buffer_init (&err);
err.data = errstr;
err.dsize = sizeof (errstr);
snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"",
subscribe ? "" : "un", path);
mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ",
subscribe ? "" : "un");
imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen,
path);
if (mutt_parse_rc_line (mbox, &token, &err))
dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr));
FREE (&token.data);
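Review bot: In imap_subscribe, `mblen` feeds both the pointer arithmetic `mbox + mblen` and the size computation `sizeof(mbox) - mblen` without being checked. With the short fixed prefix shown here truncation should not occur, but snprintf returns an int that can be negative on error, and the subtraction mixes int with size_t. A guard such as `if (mblen < 0 || (size_t) mblen >= sizeof (mbox))`, taking the function's existing error path, would keep the arithmetic safe if the prefix ever changes. The function body continues outside the hunk, so the right exit path has to be confirmed there.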
......
......@@ -301,7 +301,8 @@ char* imap_next_word (char* s);
time_t imap_parse_date (char* s);
void imap_make_date (char* buf, time_t timestamp);
void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path);
void imap_quote_string (char* dest, size_t slen, const char* src);
void imap_quote_string (char* dest, size_t dlen, const char* src);
void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src);
void imap_unquote_string (char* s);
void imap_munge_mbox_name (IMAP_DATA *idata, char *dest, size_t dlen, const char *src);
void imap_unmunge_mbox_name (IMAP_DATA *idata, char *s);
......
......@@ -608,11 +608,9 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path)
}
/* imap_quote_string: quote string according to IMAP rules:
* surround string with quotes, escape " and \ with \ */
void imap_quote_string (char *dest, size_t dlen, const char *src)
static void _imap_quote_string (char *dest, size_t dlen, const char *src,
const char *to_quote)
{
static const char quote[] = "\"\\";
char *pt;
const char *s;
......@@ -625,7 +623,7 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
for (; *s && dlen; s++)
{
if (strchr (quote, *s))
if (strchr (to_quote, *s))
{
dlen -= 2;
if (!dlen)
......@@ -643,6 +641,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
*pt = 0;
}
/* imap_quote_string: quote string according to IMAP rules:
* surround string with quotes, escape " and \ with \ */
void imap_quote_string (char *dest, size_t dlen, const char *src)
{
_imap_quote_string (dest, dlen, src, "\"\\");
}
/* imap_quote_string_and_backquotes: quote string according to IMAP rules:
* surround string with quotes, escape " and \ with \.
* Additionally, escape backquotes with \ to protect against code injection
* when using the resulting string in mutt_parse_rc_line().
*/
void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src)
{
_imap_quote_string (dest, dlen, src, "\"\\`");
}
/* imap_unquote_string: equally stupid unquoting routine */
void imap_unquote_string (char *s)
{
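Review bot: In `_imap_quote_string`, the context lines `dlen -= 2;` and `if (!dlen)` operate on a `size_t`, so when only one byte of room remains the subtraction wraps to a very large value instead of reaching zero. The check then does not fire and the loop presumably keeps writing past the end of `dest`. Adding the backquote to `to_quote` sends more input characters down this path, and both new callers pass names that originate from the server or the user. Testing before subtracting, `if (dlen < 2) break;` followed by `dlen -= 2;`, avoids the wrap. The rest of the loop body lies outside the hunk, so the writes after this check should be confirmed there.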
......