[Dovecot] segfault in dovecot imap 1.1.1 to 1.1.3
Rene Luria
operator at infomaniak.ch
Thu Oct 2 00:47:21 EEST 2008
Ok, found the problem.
Here is a patch against 1.1.3 solving this issue
it comes from the "undisclosed-recipients:;" string
and incrementing ctx->parser.data going after the end of the buffer
maybe there are other issues like this one because in many other
places in message-address.c the pointer gets incremented without
checking if it passes data.end
eventhough rfc822_skip_lwsp is called right after most of the time
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3837 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20081001/2736306d/attachment.bin
More information about the dovecot
mailing list