]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2e5ef7c)
lib-imap: Fix assert-crash if parsing invalid BODYSTRUCTURE with empty Content-Langua...
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Wed, 10 Mar 2021 15:40:47 +0000 (17:40 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 16 Mar 2021 08:44:32 +0000 (08:44 +0000)
If there's no Content-Language, it should be NIL in the bodystructure.
So if the value is (), it is invalid.

This could in theory have happened when parsing corrupted
dovecot.index.cache or receiving it from a broken remote IMAP server with
imapc. The bug was found by fuzzing though.

Fixes:
Panic: file imap-bodystructure.c: line 98 (part_write_bodystructure_common): assertion failed: (*lang != NULL)

src/lib-imap/imap-bodystructure.c patch | blob | blame | history
src/lib-imap/test-imap-bodystructure.c patch | blob | blame | history

diff --git a/src/lib-imap/imap-bodystructure.c b/src/lib-imap/imap-bodystructure.c
index 28af528822a1588f8ed4e82d3135a99a6250b872..34386f1d8c21eeb5b91bb21ae2a775fc4d959e8f 100644 (file)
--- a/src/lib-imap/imap-bodystructure.c
+++ b/src/lib-imap/imap-bodystructure.c
@@ -288,6 +288,8 @@ imap_bodystructure_strlist_parse(const struct imap_arg *arg,
        } else {
                if (!imap_arg_get_list_full(arg, &list_args, &list_count))
                        return -1;
+               if (list_count == 0)
+                       return -1;
 
                list = p_new(pool, const char *, list_count+1);
                for (i = 0; i < list_count; i++) {
diff --git a/src/lib-imap/test-imap-bodystructure.c b/src/lib-imap/test-imap-bodystructure.c
index b4757fa671603063c5259d460a51d822ddd6e696..12bd90c5f54cbe942388673b3b6600fd34cc9a8b 100644 (file)
--- a/src/lib-imap/test-imap-bodystructure.c
+++ b/src/lib-imap/test-imap-bodystructure.c
@@ -512,6 +512,9 @@ static void test_imap_bodystructure_parse_invalid(void)
                { "foo", "\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 0 0 NIL NIL (ATOM \"bar\") NIL", "Invalid content-language" },
                { "foo", "\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 0 0 NIL NIL (\"foo\" ATOM) NIL", "Invalid content-language" },
                { "foo", "\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 0 0 NIL NIL NIL ATOM", "Invalid content-location" },
+
+               /* empty content-language list */
+               { "foo", "\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 0 0 NIL NIL ()", "Invalid content-language" },
        };
        struct message_part *parts;
        const char *error;
Mirror of https://github.com/dovecot/core.git