[dovecot-cvs] dovecot/src/lib file-cache.c,1.12.2.1,1.12.2.2
tss at dovecot.org
tss at dovecot.org
Sat Nov 18 23:15:00 UTC 2006
Update of /var/lib/cvs/dovecot/src/lib
In directory talvi:/tmp/cvs-serv9155
Modified Files:
Tag: branch_1_0
file-cache.c
Log Message:
Off-by-one buffer overflow fix. The code gets executed only with
mmap_disable=yes when it's reading cache file.
Index: file-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib/file-cache.c,v
retrieving revision 1.12.2.1
retrieving revision 1.12.2.2
diff -u -d -r1.12.2.1 -r1.12.2.2
--- file-cache.c 28 May 2006 23:43:44 -0000 1.12.2.1
+++ file-cache.c 18 Nov 2006 23:14:58 -0000 1.12.2.2
@@ -128,8 +128,8 @@
i_assert(psize > 0);
bits = buffer_get_space_unsafe(cache->page_bitmask, 0,
- poffset / CHAR_BIT +
- (psize + CHAR_BIT - 1) / CHAR_BIT);
+ (poffset + psize + CHAR_BIT - 1) /
+ CHAR_BIT);
dest_offset = poffset * page_size;
dest = PTR_OFFSET(cache->mmap_base, dest_offset);
More information about the dovecot-cvs
mailing list