dovecot-1.1: Don't allow too large extension header sizes. They'...

dovecot at dovecot.org dovecot at dovecot.org
Fri Mar 7 03:52:56 EET 2008


details:   http://hg.dovecot.org/dovecot-1.1/rev/8b0fe9c43c85
changeset: 7367:8b0fe9c43c85
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Mar 07 03:52:52 2008 +0200
description:
Don't allow too large extension header sizes. They're probably caused by
file corruption.

diffstat:

2 files changed, 8 insertions(+)
src/lib-index/mail-index-map.c     |    5 +++++
src/lib-index/mail-index-private.h |    3 +++

diffs (28 lines):

diff -r f4990a37a8df -r 8b0fe9c43c85 src/lib-index/mail-index-map.c
--- a/src/lib-index/mail-index-map.c	Fri Mar 07 03:49:36 2008 +0200
+++ b/src/lib-index/mail-index-map.c	Fri Mar 07 03:52:52 2008 +0200
@@ -182,6 +182,11 @@ int mail_index_map_ext_hdr_check(const s
 	     (hdr->record_size % ext_hdr->record_align) != 0)) {
 		*error_r = t_strdup_printf("Record field alignmentation %u "
 					   "not used", ext_hdr->record_align);
+		return -1;
+	}
+	if (ext_hdr->hdr_size > MAIL_INDEX_EXT_HEADER_MAX_SIZE) {
+		*error_r = t_strdup_printf("Headersize too large (%u)",
+					   ext_hdr->hdr_size);
 		return -1;
 	}
 	return 0;
diff -r f4990a37a8df -r 8b0fe9c43c85 src/lib-index/mail-index-private.h
--- a/src/lib-index/mail-index-private.h	Fri Mar 07 03:49:36 2008 +0200
+++ b/src/lib-index/mail-index-private.h	Fri Mar 07 03:52:52 2008 +0200
@@ -18,6 +18,9 @@ struct mail_index_sync_map_ctx;
    This happens with NFS when the file has been deleted (ie. index file was
    rewritten by another computer than us). */
 #define MAIL_INDEX_ESTALE_RETRY_COUNT NFS_ESTALE_RETRY_COUNT
+/* Large extension header sizes are probably caused by file corruption, so
+   try to catch them by limiting the header size. */
+#define MAIL_INDEX_EXT_HEADER_MAX_SIZE (1024*1024*16-1)
 
 #define MAIL_INDEX_IS_IN_MEMORY(index) \
 	((index)->dir == NULL)


More information about the dovecot-cvs mailing list