Mercurial > dovecot > original-hg > dovecot-1.2

diff src/lib-index/mail-cache-fields.c @ 8119:c96d9af856d1 HEAD
cache file: Don't crash if fields header offset points outside mmapped data.
author: Timo Sirainen <tss@iki.fi>
date: Sat, 30 Aug 2008 10:28:50 +0300
parents: ff6ccf848cc1
children: a0c05c33f838
--- a/src/lib-index/mail-cache-fields.c	Fri Aug 29 09:58:54 2008 +0300
+++ b/src/lib-index/mail-cache-fields.c	Sat Aug 30 10:28:50 2008 +0300
@@ -198,6 +198,11 @@
 			if (mail_cache_map(cache, offset,
 					   sizeof(*field_hdr)) < 0)
 				return -1;
+			if (offset >= cache->mmap_length) {
+				mail_cache_set_corrupted(cache,
+					"header field next_offset points outside file");
+				return -1;
+			}
 
 			field_hdr = CONST_PTR_OFFSET(cache->data, offset);
 		} else {
@@ -212,7 +217,7 @@
 			}
 			if (ret == 0) {
 				mail_cache_set_corrupted(cache,
-					"next_offset points outside file");
+					"header field next_offset points outside file");
 				return -1;
 			}
 			field_hdr = &tmp_field_hdr;