dovecot-1.2: message header parser: Fixed handling NUL character...
dovecot at dovecot.org
dovecot at dovecot.org
Wed May 11 15:17:32 EEST 2011
details: http://hg.dovecot.org/dovecot-1.2/rev/ede60b230594
changeset: 9643:ede60b230594
user: Timo Sirainen <tss at iki.fi>
date: Wed May 11 15:17:02 2011 +0300
description:
message header parser: Fixed handling NUL characters in header names.
line->name_len was too large and line->middle pointer may have pointed past
allocated memory. These may have caused crashes/corruption (fts, mbox at
least).
diffstat:
src/lib-mail/message-header-parser.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diffs (14 lines):
diff -r e7721f67688a -r ede60b230594 src/lib-mail/message-header-parser.c
--- a/src/lib-mail/message-header-parser.c Sat Mar 12 16:05:57 2011 +0200
+++ b/src/lib-mail/message-header-parser.c Wed May 11 15:17:02 2011 +0300
@@ -311,7 +311,9 @@
colon_pos--;
str_truncate(ctx->name, 0);
- str_append_n(ctx->name, msg, colon_pos);
+ /* use buffer_append() so the name won't be truncated if there
+ are NULs. */
+ buffer_append(ctx->name, msg, colon_pos);
str_append_c(ctx->name, '\0');
/* keep middle stored also in ctx->name so it's available
More information about the dovecot-cvs
mailing list