13 Apr 2015, 6:27 p.m.
- Trash plugin does not check 'unlimited' values in bytes_ceil/count_ceil and may overflow them when adding expunged size/messages; check for any overflow
ctx->bytes_ceil += size_expunged;ctx->count_ceil += expunged_count;
if (ctx->bytes_ceil > ((uint64_t)-1 - size_expunged)) {ctx->bytes_ceil = (uint64_t)-1;} else {ctx->bytes_ceil += size_expunged;}if (ctx->count_ceil > ((uint64_t)-1 - expunged_count)) {ctx->count_ceil = (uint64_t)-1;} else {ctx->count_ceil += expunged_count;}
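Review bot: The overflow test for count_ceil compares against (uint64_t)-1, which saturates correctly only if count_ceil and expunged_count are both uint64_t. Neither declaration is visible in this change, and if count_ceil is a narrower unsigned type the comparison may never be true, so the addition could still wrap. Please confirm the field types or clamp against the field's own maximum. The two if/else blocks differ only in their operands, so a small saturating-add helper would remove the duplication. The description speaks of 'unlimited' values while the code only shows the (uint64_t)-1 clamp, so a one-line comment stating that this value is the unlimited sentinel would make the intent explicit.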
Attached the last patch.
Regards, Alexei