changeset 21348:4fdcc8318efc

lib-mail: message_binary_part_deserialize(): Return error if body line count is too large

The input was unsigned int, so output must also fit into unsigned int.
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Thu, 22 Dec 2016 11:53:06 -0500
parents 3ceea78a5cc8
children 5a5186b552e6
files src/lib-mail/message-binary-part.c
diffstat 1 files changed, 2 insertions(+), 1 deletions(-)
--- a/src/lib-mail/message-binary-part.c	Thu Dec 22 10:48:27 2016 -0500
+++ b/src/lib-mail/message-binary-part.c	Thu Dec 22 11:53:06 2016 -0500
@@ -31,7 +31,8 @@
 		if (numpack_decode(&p, end, &n1) < 0 ||
 		    numpack_decode(&p, end, &n2) < 0 ||
 		    numpack_decode(&p, end, &n3) < 0 ||
-		    numpack_decode(&p, end, &n4) < 0)
+		    numpack_decode(&p, end, &n4) < 0 ||
+		    n4 > UINT_MAX)
 			return -1;
 		part->physical_pos = n1;
 		part->binary_hdr_size = n2;
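
Review bot: the new bound in the condition covers only n4, while n1, n2 and n3 come from the same numpack_decode() calls and are stored into part fields (part->physical_pos = n1, part->binary_hdr_size = n2) with no range check in the visible lines. If any of those destination fields is narrower than the decoded type, the same silent truncation on deserialize applies to it, so please confirm the field widths and either add matching checks or note why they are not needed. A one-line comment beside n4 > UINT_MAX naming the unsigned int field it protects would also help, since the n4 assignment is outside this hunk and the reason for the limit currently lives only in the commit message. The diffstat shows no other insertion, so UINT_MAX must already be reachable through the file's existing includes; worth verifying that this does not depend on an indirect include of limits.h.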