Mercurial > dovecot > original-hg > dovecot-1.2
changeset 6384:2c8b1d487728 HEAD
Make sure the extension name doesn't contain control characters. It most
likely means the extension header is corrupted.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 15 Sep 2007 10:51:03 +0300 |
parents | 6d5c3ce9426c |
children | 9dde743dfbc1 |
files | src/lib-index/mail-index-map.c src/lib-index/mail-index.c |
diffstat | 2 files changed, 17 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-index/mail-index-map.c Sat Sep 15 10:46:22 2007 +0300 +++ b/src/lib-index/mail-index-map.c Sat Sep 15 10:51:03 2007 +0300 @@ -2,6 +2,7 @@ #include "lib.h" #include "array.h" +#include "str-sanitize.h" #include "nfs-workarounds.h" #include "mmap-util.h" #include "read-full.h" @@ -156,13 +157,10 @@ t_push(); name = t_strndup(CONST_PTR_OFFSET(map->hdr_base, name_offset), ext_hdr->name_size); - - if (mail_index_map_lookup_ext(map, name, NULL)) { - mail_index_set_error(index, "Corrupted index file %s: " - "Duplicate header extension %s", - index->filepath, name); - t_pop(); - return -1; + if (strcmp(name, str_sanitize(name, -1)) != 0) { + /* we allow only plain ASCII names, so this extension + is most likely broken */ + name = ""; } if ((ext_hdr->record_size == 0 && ext_hdr->hdr_size == 0) || @@ -175,6 +173,14 @@ t_pop(); return -1; } + if (mail_index_map_lookup_ext(map, name, NULL)) { + mail_index_set_error(index, "Corrupted index file %s: " + "Duplicate header extension %s", + index->filepath, name); + t_pop(); + return -1; + } + if (map->hdr.record_size < ext_hdr->record_offset + ext_hdr->record_size) { mail_index_set_error(index, "Corrupted index file %s: "
--- a/src/lib-index/mail-index.c Sat Sep 15 10:46:22 2007 +0300 +++ b/src/lib-index/mail-index.c Sat Sep 15 10:51:03 2007 +0300 @@ -5,6 +5,7 @@ #include "array.h" #include "buffer.h" #include "hash.h" +#include "str-sanitize.h" #include "mmap-util.h" #include "nfs-workarounds.h" #include "read-full.h" @@ -90,6 +91,9 @@ struct mail_index_registered_ext rext; unsigned int i, ext_count; + if (strcmp(name, str_sanitize(name, -1)) != 0) + i_panic("mail_index_ext_register(%s): Invalid name", name); + extensions = array_get(&index->extensions, &ext_count); /* see if it's already there */