[dovecot/pigeonhole] ed170e: lib-sieve: util: rfc2822: Fix assert panic occurri...

GitHub noreply at github.com
Mon Sep 10 10:00:12 EEST 2018 

  Branch: refs/heads/master-0.5
  Home:   https://github.com/dovecot/pigeonhole
  Commit: ed170e17d9476926730bbd580d58a39b7502881f
      https://github.com/dovecot/pigeonhole/commit/ed170e17d9476926730bbd580d58a39b7502881f
  Author: Stephan Bosch <stephan.bosch at dovecot.fi>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M src/lib-sieve/util/rfc2822.c

  Log Message:
  -----------
  lib-sieve: util: rfc2822: Fix assert panic occurring in rfc2822_header_append().

Panic was: "Buffer write out of range"

With some rather weird (sender-provided!) input, the header folding algorithm
got confused, causing a pointer to the start of the current line to exceed the
parsing pointer. This caused str_append_data() to be called with a negative
size. Added an assertion to make any future similar problems more obvious.


  Commit: 3564cc307e6bfe34ad33c355b1dcaf3c4f7e5323
      https://github.com/dovecot/pigeonhole/commit/3564cc307e6bfe34ad33c355b1dcaf3c4f7e5323
  Author: Stephan Bosch <stephan.bosch at dovecot.fi>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M src/lib-sieve/util/rfc2822.c

  Log Message:
  -----------
  lib-sieve: util: rfc2822: Prevent writing header lines with trailing whitespace in rfc2822_header_append().


  Commit: d9966fa8754dae662080ca0ad63e0fb840f4252c
      https://github.com/dovecot/pigeonhole/commit/d9966fa8754dae662080ca0ad63e0fb840f4252c
  Author: Stephan Bosch <stephan.bosch at dovecot.fi>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M src/lib-sieve/util/Makefile.am
    A src/lib-sieve/util/test-rfc2822.c

  Log Message:
  -----------
  lib-sieve: util: Add tests for rfc2822_header_write().


Compare: https://github.com/dovecot/pigeonhole/compare/8647d31f1fb9...d9966fa8754d
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the dovecot-cvs mailing list