lib-index: Added extra checks against broken extension record introductions.

diff --git a/src/lib-index/mail-index-map.c b/src/lib-index/mail-index-map.c
index 7d4fb02bf9adc7ebd604c73b2b954c36e1cc4972..b5b66d62a44b3500d23ed62921a7e8fa9f7ab193 100644 (file)
--- a/src/lib-index/mail-index-map.c
+++ b/src/lib-index/mail-index-map.c
@@ -162,6 +162,18 @@ mail_index_map_ext_hdr_check_record(const struct mail_index_header *hdr,
                return -1;
        }
 
+       /* until we get 128 bit CPUs having a larger alignment is pointless */
+       if (ext_hdr->record_align > sizeof(uint64_t)) {
+               *error_r = "Record alignment is too large";
+               return -1;
+       }
+       /* a large record size is most likely a bug somewhere. the maximum
+          record size is limited to 64k anyway, so try to fail earlier. */
+       if (ext_hdr->record_size > sizeof(uint16_t)/2) {
+               *error_r = "Record size is too large";
+               return -1;
+       }
+
        if (ext_hdr->record_offset + ext_hdr->record_size > hdr->record_size) {
                *error_r = t_strdup_printf("Record field points "
                                           "outside record size (%u+%u > %u)",