dovecot-1.1: Don't allow too large extension header sizes. They'...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Mar 7 03:52:56 EET 2008
details: http://hg.dovecot.org/dovecot-1.1/rev/8b0fe9c43c85
changeset: 7367:8b0fe9c43c85
user: Timo Sirainen <tss at iki.fi>
date: Fri Mar 07 03:52:52 2008 +0200
description:
Don't allow too large extension header sizes. They're probably caused by
file corruption.
diffstat:
2 files changed, 8 insertions(+)
src/lib-index/mail-index-map.c | 5 +++++
src/lib-index/mail-index-private.h | 3 +++
diffs (28 lines):
diff -r f4990a37a8df -r 8b0fe9c43c85 src/lib-index/mail-index-map.c
--- a/src/lib-index/mail-index-map.c Fri Mar 07 03:49:36 2008 +0200
+++ b/src/lib-index/mail-index-map.c Fri Mar 07 03:52:52 2008 +0200
@@ -182,6 +182,11 @@ int mail_index_map_ext_hdr_check(const s
(hdr->record_size % ext_hdr->record_align) != 0)) {
*error_r = t_strdup_printf("Record field alignmentation %u "
"not used", ext_hdr->record_align);
+ return -1;
+ }
+ if (ext_hdr->hdr_size > MAIL_INDEX_EXT_HEADER_MAX_SIZE) {
+ *error_r = t_strdup_printf("Headersize too large (%u)",
+ ext_hdr->hdr_size);
return -1;
}
return 0;
diff -r f4990a37a8df -r 8b0fe9c43c85 src/lib-index/mail-index-private.h
--- a/src/lib-index/mail-index-private.h Fri Mar 07 03:49:36 2008 +0200
+++ b/src/lib-index/mail-index-private.h Fri Mar 07 03:52:52 2008 +0200
@@ -18,6 +18,9 @@ struct mail_index_sync_map_ctx;
This happens with NFS when the file has been deleted (ie. index file was
rewritten by another computer than us). */
#define MAIL_INDEX_ESTALE_RETRY_COUNT NFS_ESTALE_RETRY_COUNT
+/* Large extension header sizes are probably caused by file corruption, so
+ try to catch them by limiting the header size. */
+#define MAIL_INDEX_EXT_HEADER_MAX_SIZE (1024*1024*16-1)
#define MAIL_INDEX_IS_IN_MEMORY(index) \
((index)->dir == NULL)
More information about the dovecot-cvs
mailing list