dovecot: Make sure the extension name doesn't contain control ch...

dovecot at dovecot.org dovecot at dovecot.org
Sat Sep 15 13:07:49 EEST 2007 

details:   http://hg.dovecot.org/dovecot/rev/2c8b1d487728
changeset: 6384:2c8b1d487728
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Sep 15 10:51:03 2007 +0300
description:
Make sure the extension name doesn't contain control characters. It most
likely means the extension header is corrupted.

diffstat:

2 files changed, 17 insertions(+), 7 deletions(-)
src/lib-index/mail-index-map.c |   20 +++++++++++++-------
src/lib-index/mail-index.c     |    4 ++++

diffs (65 lines):

diff -r 6d5c3ce9426c -r 2c8b1d487728 src/lib-index/mail-index-map.c
--- a/src/lib-index/mail-index-map.c	Sat Sep 15 10:46:22 2007 +0300
+++ b/src/lib-index/mail-index-map.c	Sat Sep 15 10:51:03 2007 +0300
@@ -2,6 +2,7 @@
 
 #include "lib.h"
 #include "array.h"
+#include "str-sanitize.h"
 #include "nfs-workarounds.h"
 #include "mmap-util.h"
 #include "read-full.h"
@@ -156,13 +157,10 @@ static int mail_index_parse_extensions(s
 		t_push();
 		name = t_strndup(CONST_PTR_OFFSET(map->hdr_base, name_offset),
 				 ext_hdr->name_size);
-
-		if (mail_index_map_lookup_ext(map, name, NULL)) {
-			mail_index_set_error(index, "Corrupted index file %s: "
-				"Duplicate header extension %s",
-				index->filepath, name);
-			t_pop();
-			return -1;
+		if (strcmp(name, str_sanitize(name, -1)) != 0) {
+			/* we allow only plain ASCII names, so this extension
+			   is most likely broken */
+			name = "";
 		}
 
 		if ((ext_hdr->record_size == 0 && ext_hdr->hdr_size == 0) ||
@@ -175,6 +173,14 @@ static int mail_index_parse_extensions(s
 			t_pop();
 			return -1;
 		}
+		if (mail_index_map_lookup_ext(map, name, NULL)) {
+			mail_index_set_error(index, "Corrupted index file %s: "
+				"Duplicate header extension %s",
+				index->filepath, name);
+			t_pop();
+			return -1;
+		}
+
 		if (map->hdr.record_size <
 		    ext_hdr->record_offset + ext_hdr->record_size) {
 			mail_index_set_error(index, "Corrupted index file %s: "
diff -r 6d5c3ce9426c -r 2c8b1d487728 src/lib-index/mail-index.c
--- a/src/lib-index/mail-index.c	Sat Sep 15 10:46:22 2007 +0300
+++ b/src/lib-index/mail-index.c	Sat Sep 15 10:51:03 2007 +0300
@@ -5,6 +5,7 @@
 #include "array.h"
 #include "buffer.h"
 #include "hash.h"
+#include "str-sanitize.h"
 #include "mmap-util.h"
 #include "nfs-workarounds.h"
 #include "read-full.h"
@@ -89,6 +90,9 @@ uint32_t mail_index_ext_register(struct 
         const struct mail_index_registered_ext *extensions;
 	struct mail_index_registered_ext rext;
 	unsigned int i, ext_count;
+
+	if (strcmp(name, str_sanitize(name, -1)) != 0)
+		i_panic("mail_index_ext_register(%s): Invalid name", name);
 
 	extensions = array_get(&index->extensions, &ext_count);

More information about the dovecot-cvs mailing list