From: Timo Sirainen Date: Wed, 25 Jul 2018 10:17:45 +0000 (+0300) Subject: lib-storage: Fix bodystructure parsing crash if header is parsed twice X-Git-Tag: 2.3.3.rc1~218 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11fb3085708e94585a1734b736232c33779c6d70;p=thirdparty%2Fdovecot%2Fcore.git lib-storage: Fix bodystructure parsing crash if header is parsed twice The second parsing will recreate the parser_ctx, discarding the old parsed message_part.data for the header. On the second parsing save_bodystructure_header=FALSE so the message_part.data isn't filled for the header. Later on the bodystructure parsing assumes the data is set, and crashes. This only happened with mail_attachment_detection_options=add-flags-on-save and Sieve script that first accessed a non-cached header and then used the "body" extension. Fixes segfault and also: Panic: file imap-bodystructure.c: line 116 (part_write_body_multipart): assertion failed: (part->data != NULL) --- diff --git a/src/lib-storage/index/index-mail-headers.c b/src/lib-storage/index/index-mail-headers.c index 8bd356f89f..b57ac099bd 100644 --- a/src/lib-storage/index/index-mail-headers.c +++ b/src/lib-storage/index/index-mail-headers.c @@ -313,7 +313,7 @@ void index_mail_parse_header(struct message_part *part, if (data->save_bodystructure_header) { i_assert(!data->save_bodystructure_body || data->parser_ctx != NULL); - data->save_bodystructure_header = FALSE; + data->parsed_bodystructure_header = TRUE; } return; } @@ -414,6 +414,12 @@ static void index_mail_init_parser(struct index_mail *mail) index_mail_set_message_parts_corrupted(&mail->mail.mail, error); data->parts = NULL; } + if (data->parts == NULL) { + /* The previous parsing didn't finish, so we're + re-parsing the header. The new parts don't have data + filled anymore. */ + data->parsed_bodystructure_header = FALSE; + } } if (data->parts == NULL) { diff --git a/src/lib-storage/index/index-mail.c b/src/lib-storage/index/index-mail.c index c7ea15bf0f..3b223d5cf7 100644 --- a/src/lib-storage/index/index-mail.c +++ b/src/lib-storage/index/index-mail.c @@ -1193,7 +1193,7 @@ static int index_mail_parse_body(struct index_mail *mail, if (data->save_bodystructure_body) { /* bodystructure header is parsed, we want the body's mime headers too */ - i_assert(!data->save_bodystructure_header); + i_assert(data->parsed_bodystructure_header); message_parser_parse_body(data->parser_ctx, parse_bodystructure_part_header, mail->mail.data_pool); @@ -1347,7 +1347,8 @@ static int index_mail_parse_bodystructure(struct index_mail *mail, a string */ index_mail_body_parsed_cache_bodystructure(mail, field); } else { - if (data->save_bodystructure_header || + if ((data->save_bodystructure_header && + !data->parsed_bodystructure_header) || !data->save_bodystructure_body || field == MAIL_CACHE_BODY_SNIPPET) { /* we haven't parsed the header yet */ diff --git a/src/lib-storage/index/index-mail.h b/src/lib-storage/index/index-mail.h index 8053704df2..6ba64057b5 100644 --- a/src/lib-storage/index/index-mail.h +++ b/src/lib-storage/index/index-mail.h @@ -118,6 +118,7 @@ struct index_mail_data { bool save_body_snippet:1; bool stream_has_only_header:1; bool parsed_bodystructure:1; + bool parsed_bodystructure_header:1; bool hdr_size_set:1; bool body_size_set:1; bool messageparts_saved_to_cache:1;