From: Timo Sirainen
Date: Tue, 5 Feb 2019 03:23:02 +0000 (-0800)
Subject: lib-storage: Fix buffer overflow when reading oversized hdr-pop3-uidl header
X-Git-Tag: 2.2.36.3~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2bac2c68a56f95b6aea5790b98062dccd74e8c69;p=thirdparty%2Fdovecot%2Fcore.git
lib-storage: Fix buffer overflow when reading oversized hdr-pop3-uidl header
---
diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
index 13b7363ef6..e537e9ff51 100644
--- a/src/lib-storage/index/index-pop3-uidl.c
+++ b/src/lib-storage/index/index-pop3-uidl.c
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
 /* this header isn't set yet */
 return TRUE;
 }
- memcpy(&uidl, data, size);
+ memcpy(&uidl, data, sizeof(uidl));
 return mail->uid <= uidl.max_uid_with_pop3_uidl;
 }
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
 /* check if we have already the same header */
 if (size >= sizeof(uidl)) {
- memcpy(&uidl, data, size);
+ memcpy(&uidl, data, sizeof(uidl));
 if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl) return;
 }
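Review bot: The corrected `memcpy(&uidl, data, sizeof(uidl));` in index_pop3_uidl_can_exist() now always reads sizeof(uidl) bytes from `data`, so it is only safe if the early-return branch just above it rejects every `size < sizeof(uidl)`. That condition lies outside the hunk and should be confirmed, since a short header would turn the old overflow into an over-read. The same copy in index_pop3_uidl_update_exists_finish() is covered in this respect because its `if (size >= sizeof(uidl))` guard is visible. Neither site says why the length is the struct size rather than the stored size, so I would add a comment such as `/* stored header may be larger than our struct; copy only the fields we know */` above both copies to keep a later cleanup from reverting to `size`. Both functions start outside their hunks.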