dovecot-2.2: lib-index: Detect broken log_file_tail_offset updat...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Oct 23 02:05:31 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/575dcd85b4be
changeset: 17983:575dcd85b4be
user: Timo Sirainen <tss at iki.fi>
date: Thu Oct 23 05:04:37 2014 +0300
description:
lib-index: Detect broken log_file_tail_offset updates without assert-crashing.
diffstat:
src/lib-index/mail-transaction-log-file.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diffs (37 lines):
diff -r d92c1c666bc3 -r 575dcd85b4be src/lib-index/mail-transaction-log-file.c
--- a/src/lib-index/mail-transaction-log-file.c Thu Oct 23 04:16:48 2014 +0300
+++ b/src/lib-index/mail-transaction-log-file.c Thu Oct 23 05:04:37 2014 +0300
@@ -935,10 +935,11 @@
static int
log_file_track_mailbox_sync_offset_hdr(struct mail_transaction_log_file *file,
- const void *data, unsigned int size)
+ const void *data, unsigned int trans_size)
{
const struct mail_transaction_header_update *u = data;
const struct mail_index_header *ihdr;
+ const unsigned int size = trans_size - sizeof(struct mail_transaction_header);
const unsigned int offset_pos =
offsetof(struct mail_index_header, log_file_tail_offset);
const unsigned int offset_size = sizeof(ihdr->log_file_tail_offset);
@@ -961,6 +962,10 @@
if (tail_offset < file->saved_tail_offset) {
/* ignore shrinking tail offsets */
return 1;
+ } else if (tail_offset > file->sync_offset + trans_size) {
+ mail_transaction_log_file_set_corrupted(file,
+ "log_file_tail_offset %u goes past sync offset %"PRIuUOFF_T,
+ tail_offset, file->sync_offset + trans_size);
} else {
file->saved_tail_offset = tail_offset;
if (tail_offset > file->max_tail_offset)
@@ -1277,8 +1282,7 @@
case MAIL_TRANSACTION_HEADER_UPDATE:
/* see if this updates mailbox_sync_offset */
ret = log_file_track_mailbox_sync_offset_hdr(file, data,
- trans_size -
- sizeof(*hdr));
+ trans_size);
if (ret != 0)
return ret < 0 ? -1 : 1;
break;
More information about the dovecot-cvs
mailing list