Mercurial > dovecot > original-hg > dovecot-1.2
changeset 7367:8b0fe9c43c85 HEAD
Don't allow too large extension header sizes. They're probably caused by
file corruption.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 07 Mar 2008 03:52:52 +0200 |
parents | f4990a37a8df |
children | 750ff2eb83a0 |
files | src/lib-index/mail-index-map.c src/lib-index/mail-index-private.h |
diffstat | 2 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-index/mail-index-map.c Fri Mar 07 03:49:36 2008 +0200 +++ b/src/lib-index/mail-index-map.c Fri Mar 07 03:52:52 2008 +0200 @@ -184,6 +184,11 @@ "not used", ext_hdr->record_align); return -1; } + if (ext_hdr->hdr_size > MAIL_INDEX_EXT_HEADER_MAX_SIZE) { + *error_r = t_strdup_printf("Headersize too large (%u)", + ext_hdr->hdr_size); + return -1; + } return 0; }
--- a/src/lib-index/mail-index-private.h Fri Mar 07 03:49:36 2008 +0200 +++ b/src/lib-index/mail-index-private.h Fri Mar 07 03:52:52 2008 +0200 @@ -18,6 +18,9 @@ This happens with NFS when the file has been deleted (ie. index file was rewritten by another computer than us). */ #define MAIL_INDEX_ESTALE_RETRY_COUNT NFS_ESTALE_RETRY_COUNT +/* Large extension header sizes are probably caused by file corruption, so + try to catch them by limiting the header size. */ +#define MAIL_INDEX_EXT_HEADER_MAX_SIZE (1024*1024*16-1) #define MAIL_INDEX_IS_IN_MEMORY(index) \ ((index)->dir == NULL)