dovecot-2.1: lib-index: Bug in cache file size verification caus...

dovecot at dovecot.org dovecot at dovecot.org
Mon Feb 4 17:06:48 EET 2013


details:   http://hg.dovecot.org/dovecot-2.1/rev/443ff272317f
changeset: 14897:443ff272317f
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Feb 04 17:06:40 2013 +0200
description:
lib-index: Bug in cache file size verification caused the whole cache file to be mapped.

diffstat:

 src/lib-index/mail-cache.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (23 lines):

diff -r b15a98fd8e15 -r 443ff272317f src/lib-index/mail-cache.c
--- a/src/lib-index/mail-cache.c	Mon Feb 04 16:10:50 2013 +0200
+++ b/src/lib-index/mail-cache.c	Mon Feb 04 17:06:40 2013 +0200
@@ -367,7 +367,8 @@
 	/* verify offset + size before trying to allocate a huge amount of
 	   memory due to them. note that we may be prefetching more than we
 	   actually need, so don't fail too early. */
-	if (size > cache->mmap_length || offset + size > cache->mmap_length) {
+	if ((size > cache->mmap_length || offset + size > cache->mmap_length) &&
+	    (offset > 0 || size > sizeof(struct mail_cache_header))) {
 		if (fstat(cache->fd, &st) < 0) {
 			i_error("fstat(%s) failed: %m", cache->filepath);
 			return -1;
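Review bot: the new second clause, `(offset > 0 || size > sizeof(struct mail_cache_header))`, exempts header-sized reads at offset 0 from the fstat() verification, but the comment above it still only describes the general offset + size check and gives no reason for the exemption. Please extend the comment to state why a read of at most sizeof(struct mail_cache_header) at offset 0 may skip the check, so a later reader does not take it for an accident and remove it. Two further things to confirm. On the exempt path size is no longer clamped against the real file size, so whatever follows this block has to cope with a file shorter than the header. Also, `offset + size > cache->mmap_length` is evaluated as a sum: if both operands are unsigned, a large offset read from a corrupted cache file can wrap the sum and make this test false even though the range lies outside the mapping; comparing against a difference rather than a sum would avoid that.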
@@ -376,7 +377,8 @@
 			*data_r = NULL;
 			return 0;
 		}
-		size = st.st_size - offset;
+		if (offset + size > (uoff_t)st.st_size)
+			size = st.st_size - offset;
 	}
 
 	cache->remap_counter++;
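Review bot: in `if (offset + size > (uoff_t)st.st_size)` the sum can wrap when offset and size are both unsigned and come from untrusted cache contents, in which case the clamp is skipped and the oversized size is carried forward to the mapping code. The condition guarding the `*data_r = NULL; return 0;` branch is not visible in this hunk; if it already guarantees offset < st.st_size, the test can be written without an addition as `size > (uoff_t)st.st_size - offset`, which cannot overflow. Minor style point: the cast to uoff_t is applied in the comparison but not in the assignment `size = st.st_size - offset`, which mixes the signed st_size with offset; applying the cast in both places keeps the arithmetic consistent.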

