jstedfast / gmime

A C/C++ MIME creation and parser library with support for S/MIME, PGP, and Unix mbox spools.
GNU Lesser General Public License v2.1

Memory leak in function address_parse #159

Closed detrio333 closed 5 months ago

detrio333 commented 5 months ago

Hi

I checked my app with gmime using both fuzz testing and AddressSanitizer. Fuzzing suggests somewhat strange data; nevertheless, it's a way to work safely.

src: internet-address.c func:

```c
static gboolean
address_parse (GMimeParserOptions *options, AddressParserFlags flags, const char **in, const char **charset, InternetAddress **address, gint64 offset)
```

https://github.com/jstedfast/gmime/blob/d6b01dec1c610dd33d2cb640ef4cbe7eb76df1af/gmime/internet-address.c#L1963

```c
        char *name, *addrspec;
        int at;

        /* rewind back to the beginning of the local-part */
        inptr = start;

        if (!addrspec_parse (&inptr, COMMA_GREATER_THAN_OR_SEMICOLON, &addrspec, &at))
            goto error;

        skip_lwsp (&inptr);

        if (*inptr == '(') {
            const char *comment = inptr;

            if (!skip_comment (&inptr))
                goto error;

            comment++;

            name = decode_name (options, comment, (size_t) ((inptr - 1) - comment), charset, offset);
        } else {
            name = g_strdup ("");
        }
```

I had to deal with the From tag `=?UTF-8?B?bGVzQGRyd2ViLet6?= <kpfsgxh@rwwv.com>uddgtddvucet@[192.168.1.12] (Unknown [120.8?B?5LujIOX-Real-To: apov@navitera.by`. The absence of ')' is important.

`addrspec_parse` allocates memory for `addrspec`. `if (!skip_comment (&inptr))` follows to `goto error` with no `g_free (addrspec)`.
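
The error path described in the report, modelled as an added example (not gmime's code): `model_addrspec` and `model_skip_comment` are simplified stand-ins for `addrspec_parse` and `skip_comment`, `outstanding` is a hypothetical one-slot allocation tracker, and the sample input is constructed. `leaked_buffers` returns 1 when the unterminated comment leaves the addr-spec buffer unfreed and 0 when the error path releases it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char *outstanding;  /* the one buffer this model allocates, while unfreed */
static void tracked_free (char *p) { if (p == outstanding) outstanding = NULL; free (p); }

/* Stand-in for addrspec_parse: heap-copies the text up to whitespace or '('. */
static bool model_addrspec (const char **in, char **addrspec) {
    size_t n = strcspn (*in, " \t(");
    if (n == 0 || !(*addrspec = malloc (n + 1))) return false;
    memcpy (*addrspec, *in, n); (*addrspec)[n] = '\0';
    outstanding = *addrspec;
    *in += n;
    return true;
}

/* Stand-in for skip_comment: fails when the closing ')' never arrives. */
static bool model_skip_comment (const char **in) {
    int depth = 0;
    do {
        if (**in == '\0') return false;
        if (**in == '(') depth++; else if (**in == ')') depth--;
        (*in)++;
    } while (depth > 0);
    return true;
}

/* Returns how many buffers the error path left unfreed (0 or 1). */
static int leaked_buffers (const char *input, bool free_on_error) {
    const char *inptr = input;
    char *addrspec = NULL;
    int leaked;
    if (!model_addrspec (&inptr, &addrspec)) goto error;
    inptr += strspn (inptr, " \t");
    if (*inptr == '(' && !model_skip_comment (&inptr)) goto error;  /* reported path */
    tracked_free (addrspec);        /* success: a real parser would keep it */
    return 0;
error:
    if (free_on_error) tracked_free (addrspec);  /* cleanup the report says is missing */
    leaked = outstanding != NULL;
    tracked_free (outstanding);     /* reclaim so the demo itself stays clean */
    return leaked;
}

int main (void) {
    const char *sample = "user@example.com (Unknown [no closing paren";  /* constructed */
    printf ("leaky=%d fixed=%d\n", leaked_buffers (sample, false), leaked_buffers (sample, true));
    return 0;
}
```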