Mercurial > dovecot > original-hg > dovecot-1.2
changeset 3342:43d4aad84752 HEAD
Minor error checking fixes.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 26 Apr 2005 19:32:02 +0300 |
parents | fa9fd105fae3 |
children | 239520983a32 |
files | src/lib-index/mail-index-sync.c src/lib-index/mail-transaction-log-private.h src/lib-index/mail-transaction-log-view.c src/lib-index/mail-transaction-log.c |
diffstat | 4 files changed, 31 insertions(+), 31 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-index/mail-index-sync.c Tue Apr 26 17:52:02 2005 +0300 +++ b/src/lib-index/mail-index-sync.c Tue Apr 26 19:32:02 2005 +0300 @@ -364,7 +364,7 @@ the log sequences have gotten messed up. */ mail_transaction_log_file_set_corrupted(index->log->head, "log_file_int_offset (%u) > log size (%"PRIuUOFF_T")", - seq, index->hdr->log_file_int_offset, offset); + index->hdr->log_file_int_offset, offset); mail_index_sync_rollback(ctx); return -1; }
--- a/src/lib-index/mail-transaction-log-private.h Tue Apr 26 17:52:02 2005 +0300 +++ b/src/lib-index/mail-transaction-log-private.h Tue Apr 26 19:32:02 2005 +0300 @@ -47,7 +47,8 @@ void mail_transaction_log_file_set_corrupted(struct mail_transaction_log_file *file, - const char *fmt, ...); + const char *fmt, ...) + __attr_format__(2, 3); int mail_transaction_log_file_find(struct mail_transaction_log *log, uint32_t file_seq,
--- a/src/lib-index/mail-transaction-log-view.c Tue Apr 26 17:52:02 2005 +0300 +++ b/src/lib-index/mail-transaction-log-view.c Tue Apr 26 19:32:02 2005 +0300 @@ -322,18 +322,11 @@ return -1; } + i_assert(view->cur_offset >= file->buffer_offset); hdr = CONST_PTR_OFFSET(data, view->cur_offset - file->buffer_offset); data = CONST_PTR_OFFSET(hdr, sizeof(*hdr)); hdr_size = mail_index_offset_to_uint32(hdr->size); - if (file_size - view->cur_offset < hdr_size) { - mail_transaction_log_file_set_corrupted(file, - "record size too large (type=0x%x, offset=%"PRIuUOFF_T - ", size=%u, end=%"PRIuSIZE_T")", - hdr->type & MAIL_TRANSACTION_TYPE_MASK, - view->cur_offset, hdr_size, file_size); - return -1; - } if (hdr_size < sizeof(*hdr)) { type_rec = NULL; record_size = 0; @@ -364,6 +357,15 @@ return -1; } + if (file_size - view->cur_offset < hdr_size) { + mail_transaction_log_file_set_corrupted(file, + "record size too large (type=0x%x, offset=%"PRIuUOFF_T + ", size=%u, end=%"PRIuSIZE_T")", + hdr->type & MAIL_TRANSACTION_TYPE_MASK, + view->cur_offset, hdr_size, file_size); + return -1; + } + if ((hdr->type & MAIL_TRANSACTION_EXPUNGE) != 0) { if ((hdr->type & MAIL_TRANSACTION_TYPE_MASK) != (MAIL_TRANSACTION_EXPUNGE|MAIL_TRANSACTION_EXPUNGE_PROT)) {
--- a/src/lib-index/mail-transaction-log.c Tue Apr 26 17:52:02 2005 +0300 +++ b/src/lib-index/mail-transaction-log.c Tue Apr 26 19:32:02 2005 +0300 @@ -905,10 +905,6 @@ hdr_size = mail_index_offset_to_uint32(hdr->size); if (hdr_size == 0) { /* unfinished */ - if (file->mmap_base == NULL) { - size = file->sync_offset - file->buffer_offset; - buffer_set_used_size(file->buffer, size); - } return 0; } if (hdr_size < sizeof(*hdr)) { @@ -917,19 +913,21 @@ return -1; } - if (file->sync_offset - file->buffer_offset + hdr_size > size) { - /* record goes outside the file we've seen. or if - we're accessing the log file via unlocked mmaped - memory, it may be just that the memory was updated - after we checked the file size. */ - if (file->locked || file->mmap_base == NULL) { - mail_transaction_log_file_set_corrupted(file, - "hdr.size too large (%u)", hdr_size); - return -1; - } + if (file->sync_offset - file->buffer_offset + hdr_size > size) break; + file->sync_offset += hdr_size; + } + + if (file->sync_offset - file->buffer_offset != size) { + /* record goes outside the file we've seen. or if + we're accessing the log file via unlocked mmaped + memory, it may be just that the memory was updated + after we checked the file size. */ + if (file->locked || file->mmap_base == NULL) { + mail_transaction_log_file_set_corrupted(file, + "hdr.size too large (%u)", hdr_size); + return -1; } - file->sync_offset += hdr_size; } return 0; } @@ -995,10 +993,9 @@ if (ret == 0) { /* EOF */ - if (file->sync_offset > file->buffer_offset) { - buffer_set_used_size(file->buffer, file->sync_offset - - file->buffer_offset); - } + i_assert(file->sync_offset >= file->buffer_offset); + buffer_set_used_size(file->buffer, + file->sync_offset - file->buffer_offset); return 1; } @@ -1034,7 +1031,7 @@ if (start_offset < file->hdr.hdr_size) { mail_transaction_log_file_set_corrupted(file, - "offset (%"PRIuUOFF_T") < header size (%"PRIuSIZE_T")", + "offset (%"PRIuUOFF_T") < header size (%u)", start_offset, file->hdr.hdr_size); return -1; } @@ -1126,7 +1123,7 @@ if (end_offset != (uoff_t)-1 && end_offset > file->sync_offset) { mail_transaction_log_file_set_corrupted(file, "end_offset (%"PRIuUOFF_T") > current sync_offset " - "(%"PRIuSIZE_T")", end_offset, file->sync_offset); + "(%"PRIuUOFF_T")", end_offset, file->sync_offset); return -1; }