dovecot-2.2: imap: Don't crash if APPEND command is given with i...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/1c2e42bf8825
changeset: 18614:1c2e42bf8825
user:      Timo Sirainen <tss at iki.fi>
date:      Sat May 09 19:35:31 2015 +0300
description:
imap: Don't crash if APPEND command is given with invalid parameters.
Found by Coverity.

diffstat:

 src/imap/cmd-append.c |  21 +++++++++++----------
 1 files changed, 11 insertions(+), 10 deletions(-)

diffs (37 lines):

diff -r 024fb73d7d62 -r 1c2e42bf8825 src/imap/cmd-append.c
--- a/src/imap/cmd-append.c	Sat May 09 19:31:17 2015 +0300
+++ b/src/imap/cmd-append.c	Sat May 09 19:35:31 2015 +0300
@@ -493,22 +493,23 @@
 	valid = FALSE;
 	*nonsync_r = FALSE;
 	ctx->catenate = FALSE;
-	if (imap_arg_atom_equals(args, "CATENATE")) {
-		args++;
-		if (imap_arg_get_list(args, &cat_list)) {
-			valid = TRUE;
-			ctx->catenate = TRUE;
-		}
+	if (imap_arg_get_literal_size(args, &ctx->literal_size)) {
+		*nonsync_r = args->type == IMAP_ARG_LITERAL_SIZE_NONSYNC;
+		ctx->binary_input = args->literal8;
+		valid = TRUE;
+	} else if (!imap_arg_atom_equals(args, "CATENATE")) {
+		/* invalid */
+	} else if (!imap_arg_get_list(++args, &cat_list)) {
+		/* invalid */
+	} else {
+		valid = TRUE;
+		ctx->catenate = TRUE;
 		/* We'll do BINARY conversion only if the CATENATE's first
 		   part is a literal8. If it doesn't and a literal8 is seen
 		   later we'll abort the append with UNKNOWN-CTE. */
 		ctx->binary_input = imap_arg_atom_equals(&cat_list[0], "TEXT") &&
 			cat_list[1].literal8;
 
-	} else if (imap_arg_get_literal_size(args, &ctx->literal_size)) {
-		*nonsync_r = args->type == IMAP_ARG_LITERAL_SIZE_NONSYNC;
-		ctx->binary_input = args->literal8;
-		valid = TRUE;
 	}
 	if (!IMAP_ARG_IS_EOL(&args[1]))
 		valid = FALSE;