[dovecot-cvs] dovecot/src/lib-index mail-index.c,1.253,1.254

tss at dovecot.org tss at dovecot.org
Tue Jan 16 18:27:46 UTC 2007


Update of /var/lib/cvs/dovecot/src/lib-index
In directory talvi:/tmp/cvs-serv27739

Modified Files:
	mail-index.c 
Log Message:
Make sure that extensions don't point outside allocated record size.



Index: mail-index.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-index/mail-index.c,v
retrieving revision 1.253
retrieving revision 1.254
diff -u -d -r1.253 -r1.254
--- mail-index.c	16 Jan 2007 15:07:43 -0000	1.253
+++ mail-index.c	16 Jan 2007 18:27:44 -0000	1.254
@@ -342,6 +342,17 @@
 			return -1;
 		}
 
+		if (map->hdr.record_size <
+		    ext_hdr->record_offset + ext_hdr->record_size) {
+			mail_index_set_error(index, "Corrupted index file %s: "
+				"Record field %s points outside record size "
+				"(%u < %u+%u)", index->filepath, name,
+				map->hdr.record_size,
+				ext_hdr->record_offset, ext_hdr->record_size);
+			t_pop();
+			return -1;
+		}
+
 		if ((ext_hdr->record_offset % ext_hdr->record_align) != 0 ||
 		    (map->hdr.record_size % ext_hdr->record_align) != 0) {
 			mail_index_set_error(index, "Corrupted index file %s: "
@@ -350,7 +361,6 @@
 			t_pop();
 			return -1;
 		}
-
 		mail_index_map_register_ext(index, map, name,
 					    offset, ext_hdr->hdr_size,
 					    ext_hdr->record_offset,



More information about the dovecot-cvs mailing list