cache file: Don't crash if fields header offset points outside mmapped data.

author Timo Sirainen <tss@iki.fi>

Sat, 30 Aug 2008 07:28:50 +0000 (10:28 +0300)

committer Timo Sirainen <tss@iki.fi>

Sat, 30 Aug 2008 07:28:50 +0000 (10:28 +0300)
author Timo Sirainen <tss@iki.fi>
Sat, 30 Aug 2008 07:28:50 +0000 (10:28 +0300)
committer Timo Sirainen <tss@iki.fi>
Sat, 30 Aug 2008 07:28:50 +0000 (10:28 +0300)
diff --git a/src/lib-index/mail-cache-fields.c b/src/lib-index/mail-cache-fields.c

index bcdda91ae58f2b6381ce48133f7a7cd21eafee89..e44ae6c51aa91ef4ab9dcd4f58279ab0aea24e92 100644 (file)
--- a/src/lib-index/mail-cache-fields.c
+++ b/src/lib-index/mail-cache-fields.c
@@ -198,6 +198,11 @@ static int mail_cache_header_fields_get_offset(struct mail_cache *cache,
                         if (mail_cache_map(cache, offset,
                                            sizeof(*field_hdr)) < 0)
                                 return -1;
+                       if (offset >= cache->mmap_length) {
+                               mail_cache_set_corrupted(cache,
+                                       "header field next_offset points outside file");
+                               return -1;
+                       }
  
                         field_hdr = CONST_PTR_OFFSET(cache->data, offset);
                 } else {
@@ -212,7 +217,7 @@ static int mail_cache_header_fields_get_offset(struct mail_cache *cache,
                         }
                         if (ret == 0) {
                                 mail_cache_set_corrupted(cache,
-                                       "next_offset points outside file");
+                                       "header field next_offset points outside file");
                                 return -1;
                         }
                         field_hdr = &tmp_field_hdr;
author	Timo Sirainen <tss@iki.fi>
	Sat, 30 Aug 2008 07:28:50 +0000 (10:28 +0300)
committer	Timo Sirainen <tss@iki.fi>
	Sat, 30 Aug 2008 07:28:50 +0000 (10:28 +0300)