[dovecot-cvs] dovecot/src/lib file-cache.c,1.13,1.14

tss at dovecot.org tss at dovecot.org
Sat Nov 18 23:15:04 UTC 2006


Update of /var/lib/cvs/dovecot/src/lib
In directory talvi:/tmp/cvs-serv9151

Modified Files:
	file-cache.c 
Log Message:
Off-by-one buffer overflow fix. The code gets executed only with
mmap_disable=yes when it's reading cache file.



Index: file-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib/file-cache.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- file-cache.c	30 May 2006 08:37:10 -0000	1.13
+++ file-cache.c	18 Nov 2006 23:15:02 -0000	1.14
@@ -128,8 +128,8 @@
 	i_assert(psize > 0);
 
 	bits = buffer_get_space_unsafe(cache->page_bitmask, 0,
-				       poffset / CHAR_BIT +
-				       (psize + CHAR_BIT - 1) / CHAR_BIT);
+				       (poffset + psize + CHAR_BIT - 1) /
+				       CHAR_BIT);
 
 	dest_offset = poffset * page_size;
 	dest = PTR_OFFSET(cache->mmap_base, dest_offset);



More information about the dovecot-cvs mailing list