dovecot-2.2: mbox: Fixed crash/corruption in some situations whe...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/94bd895721d8
changeset: 18534:94bd895721d8
user:      Timo Sirainen <tss at iki.fi>
date:      Thu May 07 00:01:08 2015 +0300
description:
mbox: Fixed crash/corruption in some situations when the first mail was expunged.
This could be reproduced with default mbox settings, IMAP session that does
 - STORE 1 +FLAGS \DELETED
 - EXPUNGE

With mbox containing:

===
>From root at example.com  Tue Jan 13 10:18:16 2015

a

>From root at example.com  Tue Jan 13 10:18:20 2015

a

===

diffstat:

 src/lib-storage/index/mbox/mbox-sync.c |  11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diffs (38 lines):

diff -r 18b71db74d31 -r 94bd895721d8 src/lib-storage/index/mbox/mbox-sync.c
--- a/src/lib-storage/index/mbox/mbox-sync.c	Wed May 06 19:50:23 2015 +0300
+++ b/src/lib-storage/index/mbox/mbox-sync.c	Thu May 07 00:01:08 2015 +0300
@@ -640,7 +640,7 @@
 static int mbox_sync_handle_header(struct mbox_sync_mail_context *mail_ctx)
 {
 	struct mbox_sync_context *sync_ctx = mail_ctx->sync_ctx;
-	uoff_t orig_from_offset;
+	uoff_t orig_from_offset, postlf_from_offset = (uoff_t)-1;
 	off_t move_diff;
 	int ret;
 
@@ -657,6 +657,7 @@
 			if (sync_ctx->first_mail_crlf_expunged)
 				mail_ctx->mail.from_offset++;
 		}
+		postlf_from_offset = mail_ctx->mail.from_offset;
 
 		/* read the From-line before rewriting overwrites it */
 		if (mbox_read_from_line(mail_ctx) < 0)
@@ -710,10 +711,16 @@
 			/* create dummy message to describe the expunged data */
 			struct mbox_sync_mail mail;
 
+			/* if this is going to be the first mail, increase the
+			   from_offset to point to the beginning of the
+			   From-line, because the previous [CR]LF is already
+			   covered by expunged_space. */
+			i_assert(postlf_from_offset != (uoff_t)-1);
+			mail_ctx->mail.from_offset = postlf_from_offset;
+
 			memset(&mail, 0, sizeof(mail));
 			mail.expunged = TRUE;
 			mail.offset = mail.from_offset =
-				(sync_ctx->dest_first_mail ? 1 : 0) +
 				mail_ctx->mail.from_offset -
 				sync_ctx->expunged_space;
 			mail.space = sync_ctx->expunged_space;