[dovecot/pigeonhole] 411079: lib-sieve: util: rfc2822: Fix assert panic occurri...

GitHub noreply at github.com
Mon Aug 27 14:30:06 EEST 2018 

  Branch: refs/heads/master
  Home:   https://github.com/dovecot/pigeonhole
  Commit: 41107911344158c577d7cede5cc24ad699c430d4
      https://github.com/dovecot/pigeonhole/commit/41107911344158c577d7cede5cc24ad699c430d4
  Author: Stephan Bosch <stephan.bosch at dovecot.fi>
  Date:   2018-08-15 (Wed, 15 Aug 2018)

  Changed paths:
    M src/lib-sieve/util/rfc2822.c

  Log Message:
  -----------
  lib-sieve: util: rfc2822: Fix assert panic occurring in rfc2822_header_append().

Panic was: "Buffer write out of range"

With some rather weird (sender-provided!) input, the header folding algorithm
got confused, causing a pointer to the start of the current line to exceed the
parsing pointer. This caused str_append_data() to be called with a negative
size. Added an assertion to make any future similar problems more obvious.


  Commit: 5c8583f82e58878bc578495e1d6d8f2ede554219
      https://github.com/dovecot/pigeonhole/commit/5c8583f82e58878bc578495e1d6d8f2ede554219
  Author: Stephan Bosch <stephan.bosch at dovecot.fi>
  Date:   2018-08-15 (Wed, 15 Aug 2018)

  Changed paths:
    M src/lib-sieve/util/rfc2822.c

  Log Message:
  -----------
  lib-sieve: util: rfc2822: Prevent writing header lines with trailing whitespace in rfc2822_header_append().


  Commit: 7877454e9d32dab44c5f638e03847fe45352a2fa
      https://github.com/dovecot/pigeonhole/commit/7877454e9d32dab44c5f638e03847fe45352a2fa
  Author: Stephan Bosch <stephan.bosch at dovecot.fi>
  Date:   2018-08-15 (Wed, 15 Aug 2018)

  Changed paths:
    M src/lib-sieve/util/Makefile.am
    A src/lib-sieve/util/test-rfc2822.c

  Log Message:
  -----------
  lib-sieve: util: Add tests for rfc2822_header_write().


Compare: https://github.com/dovecot/pigeonhole/compare/c7bd74560103...7877454e9d32
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the dovecot-cvs mailing list