[dovecot-cvs] dovecot/src/lib-storage/index/mbox mbox-sync-parse.c, 1.34, 1.35 mbox-sync-private.h, 1.42, 1.43 mbox-sync.c, 1.135, 1.136

cras at dovecot.org cras at dovecot.org
Wed Jan 19 01:18:16 EET 2005


Update of /var/lib/cvs/dovecot/src/lib-storage/index/mbox
In directory talvi:/tmp/cvs-serv23290

Modified Files:
	mbox-sync-parse.c mbox-sync-private.h mbox-sync.c 
Log Message:
Don't allow X-UID headers larger than current next-uid.



Index: mbox-sync-parse.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/mbox/mbox-sync-parse.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- mbox-sync-parse.c	15 Dec 2004 19:24:11 -0000	1.34
+++ mbox-sync-parse.c	18 Jan 2005 23:18:14 -0000	1.35
@@ -211,8 +211,23 @@
 
 	if (ctx->sync_ctx != NULL) {
 		if (value >= ctx->sync_ctx->next_uid) {
-			/* next_uid broken - fix it */
-			ctx->sync_ctx->next_uid = value+1;
+			/* UID is larger than expected. */
+			if (ctx->sync_ctx->ibox->mbox_sync_dirty &&
+			    !ctx->sync_ctx->dest_first_mail &&
+			    !ctx->sync_ctx->seen_first_mail) {
+				/* current next-uid isn't necessarily known
+				   if changes were made without updating index
+				   file. restart the sync. */
+				i_assert(!ctx->sync_ctx->sync_restart);
+				ctx->sync_ctx->sync_restart = TRUE;
+				return FALSE;
+			}
+
+			/* Don't allow it because incoming mails can contain
+			   untrusted X-UID fields, causing possibly DoS if
+			   the UIDs get large enough. */
+			ctx->uid_broken = TRUE;
+			return FALSE;
 		}
 
 		if (value <= ctx->sync_ctx->prev_msg_uid) {
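Review bot: The `i_assert(!ctx->sync_ctx->sync_restart)` in the restart branch sits on a path driven by message content, so if it can ever fail the result is presumably an aborted process rather than a rejected header, which is the kind of denial of service the comment below it is trying to rule out. Within this diff the flag is cleared only in the reset hunk of mbox-sync.c and the header loop breaks once it is set, so the invariant looks plausible, but callers outside the diff are not visible. Setting the flag unconditionally is equally correct and cannot abort: drop the assert and keep `ctx->sync_ctx->sync_restart = TRUE; return FALSE;`. The enclosing function starts and ends outside the hunk.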
@@ -341,6 +356,9 @@
 
 			if (!func->func(ctx, hdr)) {
 				/* this header is broken, remove it */
+				if (ctx->sync_ctx->sync_restart)
+					break;
+
 				ctx->need_rewrite = TRUE;
 				str_truncate(ctx->header, line_start_pos);
 				if (ctx->header_first_change == (size_t)-1) {
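Review bot: The added `if (ctx->sync_ctx->sync_restart)` dereferences `ctx->sync_ctx` without a NULL check, while the X-UID parser patched earlier in this file still guards its own access with `if (ctx->sync_ctx != NULL)`. If this header loop only ever runs with a sync context, that invariant deserves a comment; if not, a header rejected without one would fault here, and the check should read `if (ctx->sync_ctx != NULL && ctx->sync_ctx->sync_restart)`. The break also lands under the existing comment `/* this header is broken, remove it */`, which no longer describes this path; a line such as `/* restart requested: leave the header as it is */` above the new test would separate the two cases. The enclosing function starts and ends outside the hunk.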

Index: mbox-sync-private.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/mbox/mbox-sync-private.h,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- mbox-sync-private.h	26 Dec 2004 09:12:45 -0000	1.42
+++ mbox-sync-private.h	18 Jan 2005 23:18:14 -0000	1.43
@@ -111,6 +111,7 @@
 
 	unsigned int dest_first_mail:1;
 	unsigned int seen_first_mail:1;
+	unsigned int sync_restart:1;
 
 	/* global flags: */
 	unsigned int delay_writes:1;
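Review bot: The new `sync_restart` bit is added without a comment, although it changes how the sync functions' 0 return has to be read and its meaning is not obvious from the name alone. A one-line comment above the field would cover it, for example `/* set by the X-UID parser when next_uid can't be trusted; the sync has to be restarted */`. The struct declaration starts and ends outside the hunk.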

Index: mbox-sync.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/mbox/mbox-sync.c,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -d -r1.135 -r1.136
--- mbox-sync.c	29 Dec 2004 19:09:21 -0000	1.135
+++ mbox-sync.c	18 Jan 2005 23:18:14 -0000	1.136
@@ -108,6 +108,9 @@
 	i_assert(sync_ctx->input->v_offset != mail_ctx->mail.from_offset ||
 		 sync_ctx->input->eof);
 
+	if (sync_ctx->sync_restart)
+		return 0;
+
 	mail_ctx->mail.body_size =
 		istream_raw_mbox_get_body_size(sync_ctx->input,
 					       mail_ctx->content_length);
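Review bot: The early `return 0` added here, and again in the later hunk at old line 923, has no comment, and a bare 0 does not tell the caller that a restart was requested, so every caller has to test `sync_ctx->sync_restart` itself. In the later hunk the position is what matters: the check sits directly before the EOF branch that expunges the remaining index records, so placing it any lower would presumably expunge messages that still exist in the mbox. I would put `/* X-UID parser asked for a restart; bail out before touching the index */` above both checks. Both enclosing functions start and end outside their hunks.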
@@ -913,7 +916,7 @@
 					break;
 
 				/* we can skip forward to next record which
-				   needs updating. if it failes because the
+				   needs updating. if it fails because the
 				   offset is dirty, just ignore and continue
 				   from where we are now. */
 				uid = sync_ctx->sync_rec.uid1;
@@ -923,6 +926,9 @@
 		}
 	}
 
+	if (sync_ctx->sync_restart)
+		return 0;
+
 	if (istream_raw_mbox_is_eof(sync_ctx->input)) {
 		/* rest of the messages in index don't exist -> expunge them */
 		while (sync_ctx->idx_seq <= messages_count)
@@ -1089,7 +1095,8 @@
 	sync_ctx->space_diff = 0;
 
 	sync_ctx->dest_first_mail = TRUE;
-        sync_ctx->seen_first_mail = FALSE;
+	sync_ctx->seen_first_mail = FALSE;
+        sync_ctx->sync_restart = FALSE;
 }
 
 static int mbox_sync_do(struct mbox_sync_context *sync_ctx,
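Review bot: The added `sync_ctx->sync_restart = FALSE;` is indented with eight spaces, which is the same whitespace slip this hunk corrects on the `seen_first_mail` line directly above it. It should begin with a single tab like the neighbouring assignments. The function being patched starts outside the hunk.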


