dovecot-2.2: lib-index: Assert-crash instead of writing a broken...

dovecot at dovecot.org dovecot at dovecot.org
Tue Jun 25 15:48:30 EEST 2013 

details:   http://hg.dovecot.org/dovecot-2.2/rev/8cf482b749e2
changeset: 16552:8cf482b749e2
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Jun 25 15:47:48 2013 +0300
description:
lib-index: Assert-crash instead of writing a broken transaction with too large ext header update.

diffstat:

 src/lib-index/mail-index-transaction-export.c |  21 ++++++++++++++-------
 1 files changed, 14 insertions(+), 7 deletions(-)

diffs (84 lines):

diff -r 04c64300f81f -r 8cf482b749e2 src/lib-index/mail-index-transaction-export.c
--- a/src/lib-index/mail-index-transaction-export.c	Tue Jun 25 15:46:50 2013 +0300
+++ b/src/lib-index/mail-index-transaction-export.c	Tue Jun 25 15:47:48 2013 +0300
@@ -82,7 +82,8 @@
 }
 
 static void log_append_ext_intro(struct mail_index_export_context *ctx,
-				 uint32_t ext_id, uint32_t reset_id)
+				 uint32_t ext_id, uint32_t reset_id,
+				 unsigned int *hdr_size_r)
 {
 	struct mail_index_transaction *t = ctx->trans;
 	const struct mail_index_registered_ext *rext;
@@ -161,11 +162,13 @@
 	}
 
 	log_append_buffer(ctx, buf, MAIL_TRANSACTION_EXT_INTRO);
+	*hdr_size_r = intro->hdr_size;
 }
 
 static void
 log_append_ext_hdr_update(struct mail_index_export_context *ctx,
-			const struct mail_index_transaction_ext_hdr_update *hdr)
+			  const struct mail_index_transaction_ext_hdr_update *hdr,
+			  unsigned int ext_hdr_size)
 {
 	buffer_t *buf;
 	const unsigned char *data, *mask;
@@ -197,6 +200,7 @@
 					u.size = u32.size;
 					buffer_append(buf, &u, sizeof(u));
 				}
+				i_assert(u32.offset + u32.size <= ext_hdr_size);
 				buffer_append(buf, data + u32.offset, u32.size);
 				started = FALSE;
 			}
@@ -216,7 +220,7 @@
 	const struct mail_index_transaction_ext_hdr_update *hdrs;
 	struct mail_transaction_ext_reset ext_reset;
 	unsigned int resize_count, ext_count = 0;
-	unsigned int hdrs_count, reset_id_count, reset_count;
+	unsigned int hdrs_count, reset_id_count, reset_count, hdr_size;
 	uint32_t ext_id, reset_id;
 	const struct mail_transaction_ext_reset *reset;
 	const uint32_t *reset_ids;
@@ -276,7 +280,9 @@
 				reset_id = ext_id < reset_id_count ?
 					reset_ids[ext_id] : 0;
 			}
-			log_append_ext_intro(ctx, ext_id, reset_id);
+			log_append_ext_intro(ctx, ext_id, reset_id, &hdr_size);
+		} else {
+			hdr_size = 0;
 		}
 		if (ext_reset.new_reset_id != 0) {
 			i_assert(ext_id < reset_id_count &&
@@ -286,7 +292,8 @@
 		}
 		if (ext_id < hdrs_count && hdrs[ext_id].alloc_size > 0) {
 			T_BEGIN {
-				log_append_ext_hdr_update(ctx, &hdrs[ext_id]);
+				log_append_ext_hdr_update(ctx, &hdrs[ext_id],
+							  hdr_size);
 			} T_END;
 		}
 	}
@@ -299,7 +306,7 @@
 	struct mail_index_transaction *t = ctx->trans;
 	const ARRAY_TYPE(seq_array) *updates;
 	const uint32_t *reset_ids;
-	unsigned int ext_id, count, reset_id_count;
+	unsigned int ext_id, count, reset_id_count, hdr_size;
 	uint32_t reset_id;
 
 	if (!array_is_created(&t->ext_reset_ids)) {
@@ -316,7 +323,7 @@
 			continue;
 
 		reset_id = ext_id < reset_id_count ? reset_ids[ext_id] : 0;
-		log_append_ext_intro(ctx, ext_id, reset_id);
+		log_append_ext_intro(ctx, ext_id, reset_id, &hdr_size);
 
 		log_append_buffer(ctx, updates[ext_id].arr.buffer, type);
 	}

More information about the dovecot-cvs mailing list