dovecot-1.0: Don't crash if duplicate database contains broken e...

Sun Sep 16 13:51:54 EEST 2007

details:   http://hg.dovecot.org/dovecot-1.0/rev/9d4e89fa62d0
changeset: 5406:9d4e89fa62d0
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Sep 16 13:51:50 2007 +0300
description:
Don't crash if duplicate database contains broken entries.

diffstat:

1 file changed, 17 insertions(+), 1 deletion(-)
src/deliver/duplicate.c |   18 +++++++++++++++++-

diffs (59 lines):

diff -r 53d5fd13470d -r 9d4e89fa62d0 src/deliver/duplicate.c

--- a/src/deliver/duplicate.c	Sun Sep 16 10:56:33 2007 +0300
+++ b/src/deliver/duplicate.c	Sun Sep 16 13:51:50 2007 +0300
@@ -15,6 +15,7 @@
 
 #define DUPLICATE_PATH "~/.dovecot.lda-dupes"
 #define COMPRESS_PERCENTAGE 10
+#define DUPLICATE_BUFSIZE 4096
 
 struct duplicate {
 	const void *id;
@@ -84,6 +85,7 @@ static int duplicate_read(struct duplica
 	size_t size;
 	time_t stamp;
 	unsigned int offset, id_size, user_size, change_count;
+	bool broken = FALSE;
 
 	fd = open(file->path, O_RDONLY);
 	if (fd == -1) {
@@ -94,7 +96,8 @@ static int duplicate_read(struct duplica
 	}
 
 	/* <timestamp> <id_size> <user_size> <id> <user> */
-	input = i_stream_create_file(fd, default_pool, 4096, FALSE);
+	input = i_stream_create_file(fd, default_pool,
+				     DUPLICATE_BUFSIZE, FALSE);
 
 	change_count = 0;
 	while (i_stream_read_data(input, &data, &size, sizeof(stamp) +
@@ -109,9 +112,18 @@ static int duplicate_read(struct duplica
 
 		i_stream_skip(input, offset);
 
+		if (id_size == 0 || user_size == 0 ||
+		    id_size > DUPLICATE_BUFSIZE ||
+		    user_size > DUPLICATE_BUFSIZE) {
+			i_error("broken duplicate file %s", file->path);
+			broken = TRUE;
+			break;
+		}
+
 		if (i_stream_read_data(input, &data, &size,
 				       id_size + user_size - 1) <= 0) {
 			i_error("unexpected end of file in %s", file->path);
+			broken = TRUE;
 			break;
 		}
 
@@ -142,6 +154,10 @@ static int duplicate_read(struct duplica
 	i_stream_unref(&input);
 	if (close(fd) < 0)
 		i_error("close(%s) failed: %m", file->path);
+	if (broken) {
+		if (unlink(file->path) < 0 && errno != ENOENT)
+			i_error("unlink(%s) failed: %m", file->path);
+	}
 	return 0;
 }
 
