]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4329474)
lib-mail: message_binary_part_deserialize(): Return error if body line count is too...
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Thu, 22 Dec 2016 16:53:06 +0000 (11:53 -0500)
committerGitLab <gitlab@git.dovecot.net>
Fri, 23 Dec 2016 13:24:13 +0000 (15:24 +0200)
The input was unsigned int, so output must also fit into unsigned int.

src/lib-mail/message-binary-part.c patch | blob | blame | history

diff --git a/src/lib-mail/message-binary-part.c b/src/lib-mail/message-binary-part.c
index 0b70d13d86958d7f0075184ea90408e1ccdb4895..178c6dcd738d6847feddfcd64bf31716faa3538f 100644 (file)
--- a/src/lib-mail/message-binary-part.c
+++ b/src/lib-mail/message-binary-part.c
@@ -31,7 +31,8 @@ int message_binary_part_deserialize(pool_t pool, const void *data, size_t size,
                if (numpack_decode(&p, end, &n1) < 0 ||
                    numpack_decode(&p, end, &n2) < 0 ||
                    numpack_decode(&p, end, &n3) < 0 ||
-                   numpack_decode(&p, end, &n4) < 0)
+                   numpack_decode(&p, end, &n4) < 0 ||
+                   n4 > UINT_MAX)
                        return -1;
                part->physical_pos = n1;
                part->binary_hdr_size = n2;
Mirror of https://github.com/dovecot/core.git