dovecot-2.0: message header parser: Fixed handling NUL character...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.0/rev/cef76cf2cec9
changeset: 12792:cef76cf2cec9
user:      Timo Sirainen <tss at iki.fi>
date:      Wed May 11 15:17:02 2011 +0300
description:
message header parser: Fixed handling NUL characters in header names.
line->name_len was too large and line->middle pointer may have pointed past
allocated memory.  These may have caused crashes/corruption (fts, mbox at
least).

diffstat:

 src/lib-mail/message-header-parser.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diffs (14 lines):

diff -r 8f605efb15ce -r cef76cf2cec9 src/lib-mail/message-header-parser.c
--- a/src/lib-mail/message-header-parser.c	Wed May 11 14:35:15 2011 +0300
+++ b/src/lib-mail/message-header-parser.c	Wed May 11 15:17:02 2011 +0300
@@ -311,7 +311,9 @@
 			colon_pos--;
 
 		str_truncate(ctx->name, 0);
-		str_append_n(ctx->name, msg, colon_pos);
+		/* use buffer_append() so the name won't be truncated if there
+		   are NULs. */
+		buffer_append(ctx->name, msg, colon_pos);
 		str_append_c(ctx->name, '\0');
 
 		/* keep middle stored also in ctx->name so it's available