[Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Vibha Yadav
Hi All,

I just came across the bug
https://bugzilla.redhat.com/show_bug.cgi?id=733504 , CVE-2011-3201
evolution: mailto: attachment parameter can lead to accidental data
exfiltration.

Going ahead with the blacklist approach in
https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching a
basic patch.

Kindly provide your opinion about the solution and files to be
blacklisted.

I have following list of files to be blacklisted:

/etc/passwd, /etc/cipe/options, /etc/exports, /etc/gshadow,
/etc/hosts.allow, /etc/hosts.deny, /etc/hosts.equiv,
/etc/ipsec.secrets, /etc/lilo.conf, /etc/ppp/chap-secrets,
/etc/ppp/pap-secrets, /etc/samba/smbpasswd, /etc/securetty,
/etc/security/access.conf, /etc/shadow, /etc/slip/slip.passwd,
/etc/smbpasswd, /etc/snmp/snmpd.conf, /etc/ssh/shosts.equiv,
/etc/ssh, /etc/sudoers, /etc/tripwire, /etc/vpnd/mysecret.key,
/etc/vpnd/vpnd.lcl.key, /etc/vpnd/, /etc/vtund.conf,
.ICEauthority, .Xauthority, .aim/AIM.cfg, .cvspass,
.fetchmailrc, .gaimrc, .gpg/, .gnome_private/, .gnupg/,
.micqrc, .ncftp/firewall, .nessus.keys, .netrc,
.pgp/secring.pgp, .pgp/, .rhosts, .shosts,
.silc/private_key.prv, .ssh, .vmware, .vnc/passwd, .xchat/,
/root/.ICEauthority, /root/.Xauthority, /root/.aim/AIM.cfg,
/root/.cvspass, /root/.fetchmailrc, /root/.gaimrc, /root/.gpg/,
/root/.gnome_private/, /root/.gnupg/,/root/.micqrc,
/root/.ncftp/firewall, /root/.nessus.keys, /root/.netrc,
/root/.pgp/, /root/.rhosts, /root/.shosts,
/root/.silc/private_key.prv, /root/.ssh, /root/.vmware/,
/root/.vnc/passwd, /root/.xchat/serverlist.conf,
/root/.xchat/servers.conf, /var/log/secure*, ., ..

diff --git a/composer/e-msg-composer.c b/composer/e-msg-composer.c
index 22245ea..2939b6a 100644
--- a/composer/e-msg-composer.c
+++ b/composer/e-msg-composer.c
@@ -3998,6 +3998,34 @@ merge_always_cc_and_bcc (EComposerHeaderTable *table,
merge_cc_bcc (addrv, bcc, to, *cc, *bcc);
e_destination_freev (addrv);
 }
+static const gchar *blacklisted_files [] = {/etc/passwd, 
/etc/cipe/options, /etc/exports, /etc/gshadow, /etc/hosts.allow, 
/etc/hosts.deny, 
+   /etc/hosts.equiv, 
/etc/ipsec.secrets, /etc/lilo.conf, /etc/ppp/chap-secrets, 
+   /etc/ppp/pap-secrets, 
/etc/samba/smbpasswd, /etc/securetty, /etc/security/access.conf,
+   /etc/shadow, 
/etc/slip/slip.passwd, /etc/smbpasswd, /etc/snmp/snmpd.conf, 
/etc/ssh/shosts.equiv,
+   /etc/ssh, /etc/sudoers, 
/etc/tripwire, /etc/vpnd/mysecret.key, /etc/vpnd/vpnd.lcl.key, 
/etc/vpnd/,
+   /etc/vtund.conf, 
.ICEauthority, .Xauthority, .aim/AIM.cfg, .cvspass, .fetchmailrc, 
.gaimrc,
+   .gpg/, .gnome_private/, 
.gnupg/, .micqrc, .ncftp/firewall, .nessus.keys, .netrc, 
+   .pgp/secring.pgp, .pgp/, 
.rhosts, .shosts, .silc/private_key.prv, .ssh,
+   .vmware, .vnc/passwd, 
.xchat/, /root/.ICEauthority, /root/.Xauthority, /root/.aim/AIM.cfg,
+   /root/.cvspass, 
/root/.fetchmailrc, /root/.gaimrc, /root/.gpg/, /root/.gnome_private/, 
/root/.gnupg/,
+   /root/.micqrc, 
/root/.ncftp/firewall, /root/.nessus.keys, /root/.netrc, /root/.pgp/, 
/root/.rhosts,
+   /root/.shosts, 
/root/.silc/private_key.prv, /root/.ssh, /root/.vmware/, 
/root/.vnc/passwd,
+   /root/.xchat/serverlist.conf, 
/root/.xchat/servers.conf, /var/log/secure*, ., ..};
+
+gboolean check_blacklisted_file (gchar *filename)
+{
+   gboolean blacklisted = FALSE;
+   gint i,len;
+
+   for(i = 0; !blacklisted  i  G_N_ELEMENTS(blacklisted_files); i++)
+   {
+   len = strlen(blacklisted_files[i]);
+   if(g_strstr_len(filename, len, blacklisted_files[i]))
+   blacklisted = TRUE;
+   }
+   
+   return blacklisted;
+}
 
 static void
 handle_mailto (EMsgComposer *composer,
@@ -4090,8 +4118,17 @@ handle_mailto (EMsgComposer *composer,
} else if (!g_ascii_strcasecmp (header, attach) ||
   !g_ascii_strcasecmp (header, attachment)) {
EAttachment *attachment;
+   gboolean check = FALSE;
+   GError *error = NULL;
 
camel_url_decode (content);
+   check = check_blacklisted_file(content);
+   if(check)
+   {
+   g_warning(Blacklisted File);
+   g_set_error(error, CAMEL_ERROR, 
CAMEL_ERROR_GENERIC,
+   

[Evolution-hackers] New Evolution-Groupwise Repository

2011-05-06 Thread Vibha Yadav
Hi,

The groupwise code from evolution-data-server and evolution has been
splitted off. It has been moved to evolution-groupwise repository

It can be downloaded from

git://git.gnome.org/evolution-groupwise
http://git.gnome.org/browse/evolution-groupwise
ssh://usern...@git.gnome.org/git/evolution-groupwise

Kindly submit all your changes for groupwise code to evolution-groupwise
repository.


-- 
Vibha Yadav yvi...@novell.com

___
evolution-hackers mailing list
evolution-hackers@gnome.org
To change your list options or unsubscribe, visit ...
http://mail.gnome.org/mailman/listinfo/evolution-hackers