lib-storage: Fix buffer overflow when reading oversized hdr-pop3-uidl header
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Tue, 5 Feb 2019 03:23:02 +0000 (19:23 -0800)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Mon, 18 Mar 2019 10:17:57 +0000 (12:17 +0200)
src/lib-storage/index/index-pop3-uidl.c

index 13b7363ef67a8fc3fe9992d3e8e47ceba4ca9e6e..e537e9ff51870c38f7cceb4592e0579fc15fc7de 100644 (file)
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
                /* this header isn't set yet */
                return TRUE;
        }
-       memcpy(&uidl, data, size);
+       memcpy(&uidl, data, sizeof(uidl));
        return mail->uid <= uidl.max_uid_with_pop3_uidl;
 }
 
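Review bot: With the length now fixed at `sizeof(uidl)`, the copy in index_pop3_uidl_can_exist() is safe on the source side only if the guard in front of the "this header isn't set yet" branch rejects every `size` smaller than the struct. That condition starts above this hunk and is not visible here. If it only tests for an empty header, a short but non-empty header would make memcpy() read past the end of `data`, so the guard should read `if (size < sizeof(uidl))`, mirroring the `size >= sizeof(uidl)` test in index_pop3_uidl_update_exists_finish(). The header presumably comes from on-disk index data, so a regression test feeding both an oversized and an undersized hdr-pop3-uidl header would pin both bounds.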
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
 
        /* check if we have already the same header */
        if (size >= sizeof(uidl)) {
-               memcpy(&uidl, data, size);
+               memcpy(&uidl, data, sizeof(uidl));
                if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
                        return;
        }
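Review bot: The copy here is bounded on both sides by the visible `size >= sizeof(uidl)` check, but nothing records why a larger `size` is accepted and its tail ignored. A one-line comment above the memcpy() would keep a later cleanup from switching the length back to `size`: `/* the stored header may be larger than the struct; copy only the fields we know */`. The same check-then-copy sequence also appears in index_pop3_uidl_can_exist(), so a small static helper that reports whether a full header was read would keep the two length checks from drifting apart. The body of index_pop3_uidl_update_exists_finish() starts and ends outside this hunk.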