[dovecot-cvs] dovecot/src/lib file-cache.c,1.12.2.1,1.12.2.2

[tss at dovecot.org]

Update of /var/lib/cvs/dovecot/src/lib
In directory talvi:/tmp/cvs-serv9155

Modified Files:
      Tag: branch_1_0
	file-cache.c 
Log Message:
Off-by-one buffer overflow fix. The code gets executed only with
mmap_disable=yes when it's reading cache file.



Index: file-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib/file-cache.c,v
retrieving revision 1.12.2.1
retrieving revision 1.12.2.2
diff -u -d -r1.12.2.1 -r1.12.2.2
--- file-cache.c	28 May 2006 23:43:44 -0000	1.12.2.1
+++ file-cache.c	18 Nov 2006 23:14:58 -0000	1.12.2.2
@@ -128,8 +128,8 @@
 	i_assert(psize > 0);
 
 	bits = buffer_get_space_unsafe(cache->page_bitmask, 0,
-				       poffset / CHAR_BIT +
-				       (psize + CHAR_BIT - 1) / CHAR_BIT);
+				       (poffset + psize + CHAR_BIT - 1) /
+				       CHAR_BIT);
 
 	dest_offset = poffset * page_size;
 	dest = PTR_OFFSET(cache->mmap_base, dest_offset);