Mercurial > dovecot > original-hg > dovecot-1.2
changeset 53:37a388fe4dab HEAD
bugfixes for overflow checks :)
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Wed, 28 Aug 2002 00:51:00 +0300 |
| parents | d5f0f634b86e |
| children | 71fc142c2d7b |
| files | src/lib-index/mail-index-data.c src/lib-index/mail-index-update.c src/lib-index/mail-index.c |
| diffstat | 3 files changed, 21 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-index/mail-index-data.c Wed Aug 28 00:36:06 2002 +0300 +++ b/src/lib-index/mail-index-data.c Wed Aug 28 00:51:00 2002 +0300 @@ -295,7 +295,7 @@ if (index_rec->data_position > data->mmap_length || (data->mmap_length - - index_rec->data_position > index_rec->data_size)) { + index_rec->data_position < index_rec->data_size)) { INDEX_MARK_CORRUPTED(data->index); index_set_error(data->index, "Error in data file %s: " "Given data size larger than file size "
--- a/src/lib-index/mail-index-update.c Wed Aug 28 00:36:06 2002 +0300 +++ b/src/lib-index/mail-index-update.c Wed Aug 28 00:51:00 2002 +0300 @@ -11,6 +11,7 @@ #include "imap-bodystructure.h" #include "mail-index.h" #include "mail-index-data.h" +#include "mail-index-util.h" struct _MailIndexUpdate { Pool pool; @@ -130,6 +131,9 @@ if (max_size > INT_MAX) { /* rec->data_size most likely corrupted */ + index_set_error(update->index, "Error in index file %s: " + "data_size points outside file", + update->index->filepath); update->index->header->flags |= MAIL_INDEX_FLAG_REBUILD; return FALSE; } @@ -161,9 +165,13 @@ continue; } - if (src_size > max_size || max_size - src_size > pos) { + if (src_size > max_size || max_size - src_size < pos) { /* corrupted data file - old value had a field larger than expected */ + index_set_error(update->index, + "Error in index file %s: " + "full_field_size points outside " + "data_size", update->index->filepath); update->index->header->flags |= MAIL_INDEX_FLAG_REBUILD; return FALSE; }
--- a/src/lib-index/mail-index.c Wed Aug 28 00:36:06 2002 +0300 +++ b/src/lib-index/mail-index.c Wed Aug 28 00:51:00 2002 +0300 @@ -40,9 +40,9 @@ } if (index->mmap_length < sizeof(MailIndexHeader)) { - INDEX_MARK_CORRUPTED(index); index_set_error(index, "truncated index file %s", index->filepath); + INDEX_MARK_CORRUPTED(index); return FALSE; } @@ -988,6 +988,9 @@ datarec = mail_index_data_lookup(index->data, rec, field); if (datarec == NULL) { /* corrupted, the field should have been there */ + index_set_error(index, "Error in index file %s: " + "Field not found from data file", + index->filepath); INDEX_MARK_CORRUPTED(index); return NULL; } @@ -1135,7 +1138,10 @@ return FALSE; } - mail_hash_update(index->hash, rec->uid, 0); + /* expunge() may be called while index is being rebuilt and when + there's no hash yet */ + if (index->hash != NULL) + mail_hash_update(index->hash, rec->uid, 0); /* setting UID to 0 is enough for deleting the mail from index */ rec->uid = 0; @@ -1185,6 +1191,9 @@ /* update message counts */ if (hdr->messages_count == 0) { /* corrupted */ + index_set_error(index, "Error in index file %s: " + "Header says there's no mail while expunging", + index->filepath); INDEX_MARK_CORRUPTED(index); return FALSE; }