Ticket #38: verifycancel-newsgroups.patch

File verifycancel-newsgroups.patch, 2.4 KB (added by eagle, 14 years ago)

Patch against INN 2.4.1

  • art.c

    old new  
    11371137}
    11381138
    11391139/*
    1140 **  Verify if a cancel message is valid.  If the user posting the cancel
    1141 **  matches the user who posted the article, return the list of filenames
    1142 **  otherwise return NULL.
     1140**  Verify if a cancel message is valid.  Unless at least one group in the
     1141**  cancel message's Newsgroups: line can be found in the Newsgroups: line
     1142**  of the article to be cancelled, the cancel is considered bogus and
     1143**  false is returned.
    11431144*/
    11441145static bool
    11451146ARTcancelverify(const ARTDATA *data, const char *MessageID, TOKEN *token)
    11461147{
    11471148  const char    *p;
    11481149  char          *q, *q1;
     1150  char          **gp;
    11491151  const char    *local;
    11501152  char          buff[SMBUF];
    11511153  ARTHANDLE     *art;
     
    11551157    return false;
    11561158  if ((art = SMretrieve(*token, RETR_HEAD)) == NULL)
    11571159    return false;
    1158   local = wire_findheader(art->data, art->len, "Sender");
     1160  /* Copy Newsgroups: from article be to cancelled to q.
     1161   * Double-terminate q (sentinel) */
     1162  local = wire_findheader(art->data, art->len, "Newsgroups");
    11591163  if (local == NULL) {
    1160     local = wire_findheader(art->data, art->len, "From");
    1161     if (local == NULL) {
    1162       SMfreearticle(art);
    1163       return false;
    1164     }
     1164    SMfreearticle(art);
     1165    return false;
    11651166  }
    11661167  for (p = local; p < art->data + art->len; p++) {
    11671168    if (*p == '\r' || *p == '\n')
     
    11711172    SMfreearticle(art);
    11721173    return false;
    11731174  }
    1174   q = xmalloc(p - local + 1);
     1175  q = xmalloc(p - local + 2);
    11751176  memcpy(q, local, p - local);
    11761177  SMfreearticle(art);
    11771178  q[p - local] = '\0';
    1178   HeaderCleanFrom(q);
     1179  q[p - local + 1] = '\0';
    11791180
    1180   /* Compare canonical forms. */
    1181   q1 = xstrdup(data->Poster);
    1182   HeaderCleanFrom(q1);
    1183   if (strcmp(q, q1) != 0) {
    1184     r = false;
    1185     sprintf(buff, "\"%.50s\" wants to cancel %s by \"%.50s\"",
    1186       q1, MaxLength(MessageID, MessageID), q);
    1187     ARTlog(data, ART_REJECT, buff);
    1188   }
    1189   else {
    1190     r = true;
     1181  /* replace separator , by \0 */
     1182  for (q1 = q; *q1; q1++)
     1183    if (NG_ISSEP(*q1))
     1184      *q1 = '\0';
     1185
     1186  r = false;
     1187  for (gp = data->Newsgroups.List; *gp && !r; gp++) {
     1188    for (q1 = q; *q1; q1 += strlen(q1) + 1) {
     1189      if (strcmp(q1, *gp) == 0) {
     1190        r = true;
     1191        break;
     1192      }
     1193    }
    11911194  }
    1192   free(q1);
    11931195  free(q);
     1196
     1197  if (!r) {
     1198    sprintf(buff, "no matching Newsgroups in cancel %s",
     1199      MaxLength(MessageID, MessageID));
     1200    ARTlog(data, ART_REJECT, buff);
     1201  }
    11941202  return r;
    11951203}