Mercurial > dovecot > original-hg > dovecot-1.2
changeset 4997:b76f864f0e0b HEAD
When searching MIME body headers, make sure we don't go out of bounds with broken MIME messages and cause assert-crash.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 09 Jan 2007 22:19:32 +0200 |
parents | cfef56a6bf4a |
children | f37c7895eb8f |
files | src/lib-mail/message-body-search.c |
diffstat | 1 files changed, 8 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-mail/message-body-search.c Tue Jan 09 13:40:07 2007 +0200 +++ b/src/lib-mail/message-body-search.c Tue Jan 09 22:19:32 2007 +0200 @@ -100,7 +100,8 @@ } static bool message_search_header(struct part_search_context *ctx, - struct istream *input) + struct istream *input, + const struct message_part *part) { struct header_search_context *hdr_search_ctx; struct message_header_parser_ctx *hdr_ctx; @@ -117,6 +118,10 @@ /* we default to text content-type */ ctx->content_type_text = TRUE; + input = i_stream_create_limit(default_pool, input, part->physical_pos, + part->header_size.physical_size); + i_stream_seek(input, 0); + hdr_ctx = message_parse_header_init(input, NULL, TRUE); while ((ret = message_parse_header_next(hdr_ctx, &hdr)) > 0) { if (hdr->eoh) @@ -156,6 +161,7 @@ } i_assert(ret != 0); message_parse_header_deinit(&hdr_ctx); + i_stream_destroy(&input); return found; } @@ -401,7 +407,7 @@ t_push(); - if (message_search_header(&part_ctx, input)) { + if (message_search_header(&part_ctx, input, part)) { /* found / invalid search key */ ret = 1; } else if (part->children != NULL) {