[dovecot-cvs] dovecot/src/util idxview.c,1.2,1.3
tss at dovecot.org
tss at dovecot.org
Fri Mar 23 22:47:40 EET 2007
Update of /var/lib/cvs/dovecot/src/util
In directory talvi:/tmp/cvs-serv23720
Modified Files:
idxview.c
Log Message:
Try to avoid crashes a bit harder with broken cache files.
Index: idxview.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/util/idxview.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- idxview.c 20 Mar 2007 15:00:25 -0000 1.2
+++ idxview.c 23 Mar 2007 20:47:38 -0000 1.3
@@ -180,6 +180,10 @@
i_fatal("cache file fields read() %"PRIuSIZE_T" != %u",
ret, fields.size);
}
+ printf("fields_count: %u\n", fields.fields_count);
+
+ if (fields.fields_count > 10000)
+ i_fatal("Broken fields_count");
last_used = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_LAST_USED());
size = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_SIZE(fields.fields_count));
@@ -187,6 +191,9 @@
decision = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_DECISION(fields.fields_count));
names = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_NAMES(fields.fields_count));
+ if (names - (const char *)buf >= fields.size)
+ i_fatal("Fields go outside allocated size");
+
i_array_init(&cache_fields, 64);
memset(&field, 0, sizeof(field));
for (i = 0; i < fields.fields_count; i++) {
More information about the dovecot-cvs
mailing list