dovecot: Make sure the extension name doesn't contain control ch...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Sep 15 13:07:49 EEST 2007
details: http://hg.dovecot.org/dovecot/rev/2c8b1d487728
changeset: 6384:2c8b1d487728
user: Timo Sirainen <tss at iki.fi>
date: Sat Sep 15 10:51:03 2007 +0300
description:
Make sure the extension name doesn't contain control characters. It most
likely means the extension header is corrupted.
diffstat:
2 files changed, 17 insertions(+), 7 deletions(-)
src/lib-index/mail-index-map.c | 20 +++++++++++++-------
src/lib-index/mail-index.c | 4 ++++
diffs (65 lines):
diff -r 6d5c3ce9426c -r 2c8b1d487728 src/lib-index/mail-index-map.c
--- a/src/lib-index/mail-index-map.c Sat Sep 15 10:46:22 2007 +0300
+++ b/src/lib-index/mail-index-map.c Sat Sep 15 10:51:03 2007 +0300
@@ -2,6 +2,7 @@
#include "lib.h"
#include "array.h"
+#include "str-sanitize.h"
#include "nfs-workarounds.h"
#include "mmap-util.h"
#include "read-full.h"
@@ -156,13 +157,10 @@ static int mail_index_parse_extensions(s
t_push();
name = t_strndup(CONST_PTR_OFFSET(map->hdr_base, name_offset),
ext_hdr->name_size);
-
- if (mail_index_map_lookup_ext(map, name, NULL)) {
- mail_index_set_error(index, "Corrupted index file %s: "
- "Duplicate header extension %s",
- index->filepath, name);
- t_pop();
- return -1;
+ if (strcmp(name, str_sanitize(name, -1)) != 0) {
+ /* we allow only plain ASCII names, so this extension
+ is most likely broken */
+ name = "";
}
if ((ext_hdr->record_size == 0 && ext_hdr->hdr_size == 0) ||
@@ -175,6 +173,14 @@ static int mail_index_parse_extensions(s
t_pop();
return -1;
}
+ if (mail_index_map_lookup_ext(map, name, NULL)) {
+ mail_index_set_error(index, "Corrupted index file %s: "
+ "Duplicate header extension %s",
+ index->filepath, name);
+ t_pop();
+ return -1;
+ }
+
if (map->hdr.record_size <
ext_hdr->record_offset + ext_hdr->record_size) {
mail_index_set_error(index, "Corrupted index file %s: "
diff -r 6d5c3ce9426c -r 2c8b1d487728 src/lib-index/mail-index.c
--- a/src/lib-index/mail-index.c Sat Sep 15 10:46:22 2007 +0300
+++ b/src/lib-index/mail-index.c Sat Sep 15 10:51:03 2007 +0300
@@ -5,6 +5,7 @@
#include "array.h"
#include "buffer.h"
#include "hash.h"
+#include "str-sanitize.h"
#include "mmap-util.h"
#include "nfs-workarounds.h"
#include "read-full.h"
@@ -89,6 +90,9 @@ uint32_t mail_index_ext_register(struct
const struct mail_index_registered_ext *extensions;
struct mail_index_registered_ext rext;
unsigned int i, ext_count;
+
+ if (strcmp(name, str_sanitize(name, -1)) != 0)
+ i_panic("mail_index_ext_register(%s): Invalid name", name);
extensions = array_get(&index->extensions, &ext_count);
More information about the dovecot-cvs
mailing list