dovecot-2.2: fts: Improved doveadm fts dump for corrupted expung...
dovecot at dovecot.org
Thu Jun 12 23:20:42 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/54f1beb8d071
changeset: 17469:54f1beb8d071
user: Timo Sirainen <tss at iki.fi>
date: Fri Jun 13 01:11:24 2014 +0300
description:
fts: Improved doveadm fts dump for corrupted expunge log
We may still be trying to allocate up to 2 GB of memory, but at
least no more than that now.
Found by Coverity
diffstat:
src/plugins/fts/doveadm-dump-fts-expunge-log.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diffs (15 lines):
diff -r aac4f4b886d2 -r 54f1beb8d071 src/plugins/fts/doveadm-dump-fts-expunge-log.c
--- a/src/plugins/fts/doveadm-dump-fts-expunge-log.c Fri Jun 13 01:02:48 2014 +0300
+++ b/src/plugins/fts/doveadm-dump-fts-expunge-log.c Fri Jun 13 01:11:24 2014 +0300
@@ -36,6 +36,11 @@
if (ret != sizeof(rec))
i_fatal("rec read() %d != %d", (int)ret, (int)sizeof(rec));
+ if (rec.record_size < sizeof(rec) + sizeof(uint32_t) ||
+ rec.record_size > INT_MAX) {
+ i_fatal("Invalid record_size=%u at offset %"PRIuUOFF_T,
+ rec.record_size, offset);
+ }
data_size = rec.record_size - sizeof(rec);
buffer_set_used_size(buf, 0);
data = buffer_append_space_unsafe(buf, data_size);
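Review bot: The upper bound `rec.record_size > INT_MAX` in the new check still lets a corrupted on-disk value drive `buffer_append_space_unsafe(buf, data_size)` to an allocation of nearly 2 GB, as the commit message acknowledges. Since record_size comes straight from the file, a tighter limit would be the number of bytes actually left in the file after `offset` (for example from an fstat on the descriptor, if one is available in this function), or failing that a fixed sanity cap, so that a damaged log produces the "Invalid record_size" error instead of a large allocation followed by a short read. The lower bound is good: it keeps `rec.record_size - sizeof(rec)` from wrapping and guarantees room for at least one uint32_t of payload. A short comment above the check saying what the `sizeof(uint32_t)` term stands for would help the next reader.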