lib-index: Bug in cache file size verification caused the whole cache file to be...
authorTimo Sirainen <tss@iki.fi>
Mon, 4 Feb 2013 15:06:40 +0000 (17:06 +0200)
committerTimo Sirainen <tss@iki.fi>
Mon, 4 Feb 2013 15:06:40 +0000 (17:06 +0200)
src/lib-index/mail-cache.c

index 4903a8964b938242769533c1927c13ca7ca5b970..d59ea43f27cf76e70c0aded1a341e1a30138b283 100644 (file)
@@ -367,7 +367,8 @@ int mail_cache_map(struct mail_cache *cache, size_t offset, size_t size,
        /* verify offset + size before trying to allocate a huge amount of
           memory due to them. note that we may be prefetching more than we
           actually need, so don't fail too early. */
-       if (size > cache->mmap_length || offset + size > cache->mmap_length) {
+       if ((size > cache->mmap_length || offset + size > cache->mmap_length) &&
+           (offset > 0 || size > sizeof(struct mail_cache_header))) {
                if (fstat(cache->fd, &st) < 0) {
                        i_error("fstat(%s) failed: %m", cache->filepath);
                        return -1;
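Review bot: `offset + size` is a `size_t` sum that can wrap, both in the rewritten condition here and in the new `if (offset + size > (uoff_t)st.st_size)` guard of the next hunk. If these values can come from a damaged cache file (their origin is not visible here), a wrapped sum can skip the fstat() verification, and in the next hunk it leaves `size` unclamped, which the old unconditional `size = st.st_size - offset;` did not allow, so the "huge amount of memory" case named in the comment comes back. Comparing by subtraction avoids the wrap: `offset > cache->mmap_length || size > cache->mmap_length - offset` here, and `if (size > (uoff_t)st.st_size - offset)` for the clamp. The second form relies on the `offset < st.st_size` test that appears to sit between the two hunks. The body of mail_cache_map starts and ends outside both hunks, so what consumes `size` afterwards should be checked there.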
@@ -376,7 +377,8 @@ int mail_cache_map(struct mail_cache *cache, size_t offset, size_t size,
                        *data_r = NULL;
                        return 0;
                }
-               size = st.st_size - offset;
+               if (offset + size > (uoff_t)st.st_size)
+                       size = st.st_size - offset;
        }
 
        cache->remap_counter++;