[dovecot-cvs] dovecot/src/lib-index mail-index.c, 1.230.2.12, 1.230.2.13
tss at dovecot.org
tss at dovecot.org
Tue Jan 16 18:27:44 UTC 2007
Update of /var/lib/cvs/dovecot/src/lib-index
In directory talvi:/tmp/cvs-serv27732
Modified Files:
Tag: branch_1_0
mail-index.c
Log Message:
Make sure that extensions don't point outside allocated record size.
Index: mail-index.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-index/mail-index.c,v
retrieving revision 1.230.2.12
retrieving revision 1.230.2.13
diff -u -d -r1.230.2.12 -r1.230.2.13
--- mail-index.c 16 Jan 2007 15:07:39 -0000 1.230.2.12
+++ mail-index.c 16 Jan 2007 18:27:42 -0000 1.230.2.13
@@ -338,6 +338,17 @@
return -1;
}
+ if (map->hdr.record_size <
+ ext_hdr->record_offset + ext_hdr->record_size) {
+ mail_index_set_error(index, "Corrupted index file %s: "
+ "Record field %s points outside record size "
+ "(%u < %u+%u)", index->filepath, name,
+ map->hdr.record_size,
+ ext_hdr->record_offset, ext_hdr->record_size);
+ t_pop();
+ return -1;
+ }
+
if ((ext_hdr->record_offset % ext_hdr->record_align) != 0 ||
(map->hdr.record_size % ext_hdr->record_align) != 0) {
mail_index_set_error(index, "Corrupted index file %s: "
@@ -346,7 +357,6 @@
t_pop();
return -1;
}
-
mail_index_map_register_ext(index, map, name,
offset, ext_hdr->hdr_size,
ext_hdr->record_offset,
More information about the dovecot-cvs
mailing list