Mercurial > dovecot > core-2.2

changeset 12923:64f354128f4e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
lib-index: Added extra checks against broken extension record introductions.
author Timo Sirainen <tss@iki.fi>
date Tue, 05 Apr 2011 19:07:01 +0300
parents 6cc356a5d0a5
children 699d181a5578
files src/lib-index/mail-index-map.c
diffstat 1 files changed, 12 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/lib-index/mail-index-map.c	Tue Apr 05 13:26:45 2011 +0300
+++ b/src/lib-index/mail-index-map.c	Tue Apr 05 19:07:01 2011 +0300
@@ -162,6 +162,18 @@
 		return -1;
 	}
 
+	/* until we get 128 bit CPUs having a larger alignment is pointless */
+	if (ext_hdr->record_align > sizeof(uint64_t)) {
+		*error_r = "Record alignment is too large";
+		return -1;
+	}
+	/* a large record size is most likely a bug somewhere. the maximum
+	   record size is limited to 64k anyway, so try to fail earlier. */
+	if (ext_hdr->record_size > sizeof(uint16_t)/2) {
+		*error_r = "Record size is too large";
+		return -1;
+	}
+
 	if (ext_hdr->record_offset + ext_hdr->record_size > hdr->record_size) {
 		*error_r = t_strdup_printf("Record field points "
 					   "outside record size (%u+%u > %u)",