dovecot-1.1: message header parser: Fixed handling NUL character...
dovecot at dovecot.org
dovecot at dovecot.org
Wed May 11 15:17:40 EEST 2011
details: http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
changeset: 8371:3698dfe0f21c
user: Timo Sirainen <tss at iki.fi>
date: Wed May 11 15:17:02 2011 +0300
description:
message header parser: Fixed handling NUL characters in header names.
line->name_len was too large and line->middle pointer may have pointed past
allocated memory. These may have caused crashes/corruption (fts, mbox at
least).
diffstat:
src/lib-mail/message-header-parser.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diffs (14 lines):
diff -r 9b17de31aac3 -r 3698dfe0f21c src/lib-mail/message-header-parser.c
--- a/src/lib-mail/message-header-parser.c Fri Mar 04 19:28:31 2011 +0200
+++ b/src/lib-mail/message-header-parser.c Wed May 11 15:17:02 2011 +0300
@@ -310,7 +310,9 @@
colon_pos--;
str_truncate(ctx->name, 0);
- str_append_n(ctx->name, msg, colon_pos);
+ /* use buffer_append() so the name won't be truncated if there
+ are NULs. */
+ buffer_append(ctx->name, msg, colon_pos);
str_append_c(ctx->name, '\0');
/* keep middle stored also in ctx->name so it's available
More information about the dovecot-cvs
mailing list