dovecot-2.0: lib-index: Added extra checks against broken extens...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Apr 5 19:07:04 EEST 2011
details: http://hg.dovecot.org/dovecot-2.0/rev/64f354128f4e
changeset: 12716:64f354128f4e
user: Timo Sirainen <tss at iki.fi>
date: Tue Apr 05 19:07:01 2011 +0300
description:
lib-index: Added extra checks against broken extension record introductions.
diffstat:
src/lib-index/mail-index-map.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diffs (22 lines):
diff -r 6cc356a5d0a5 -r 64f354128f4e src/lib-index/mail-index-map.c
--- a/src/lib-index/mail-index-map.c Tue Apr 05 13:26:45 2011 +0300
+++ b/src/lib-index/mail-index-map.c Tue Apr 05 19:07:01 2011 +0300
@@ -162,6 +162,18 @@
return -1;
}
+ /* until we get 128 bit CPUs having a larger alignment is pointless */
+ if (ext_hdr->record_align > sizeof(uint64_t)) {
+ *error_r = "Record alignment is too large";
+ return -1;
+ }
+ /* a large record size is most likely a bug somewhere. the maximum
+ record size is limited to 64k anyway, so try to fail earlier. */
+ if (ext_hdr->record_size > sizeof(uint16_t)/2) {
+ *error_r = "Record size is too large";
+ return -1;
+ }
+
if (ext_hdr->record_offset + ext_hdr->record_size > hdr->record_size) {
*error_r = t_strdup_printf("Record field points "
"outside record size (%u+%u > %u)",
More information about the dovecot-cvs
mailing list