From: Timo Sirainen
Date: Thu, 22 Oct 2020 19:49:56 +0000 (+0300)
Subject: lib-storage: Detect corrupted mail size when calculating body size
X-Git-Tag: 2.3.14.rc1~145
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4735c12bb156766f0b592e0eed11ab0b2a671f74;p=thirdparty%2Fdovecot%2Fcore.git
lib-storage: Detect corrupted mail size when calculating body size
When body size is calculated from message size - header size, make sure that the message size is at least as large as the header size. Otherwise treat the message size as corrupted.
---
diff --git a/src/lib-storage/index/index-mail.c b/src/lib-storage/index/index-mail.c
index 62dd4e03b2..b520cc7af9 100644
--- a/src/lib-storage/index/index-mail.c
+++ b/src/lib-storage/index/index-mail.c
@@ -508,11 +508,25 @@ static void index_mail_try_set_body_size(struct index_mail *mail)
 However, don't do this if there's a possibility that physical_size or virtual_size don't actually match the mail stream's size (e.g. buggy imapc servers). */
- data->body_size.physical_size = data->physical_size -
- data->hdr_size.physical_size;
- data->body_size.virtual_size = data->virtual_size -
- data->hdr_size.virtual_size;
- data->body_size_set = TRUE;
+ if (data->physical_size < data->hdr_size.physical_size) {
+ mail_set_cache_corrupted(&mail->mail.mail,
+ MAIL_FETCH_PHYSICAL_SIZE, t_strdup_printf(
+ "Cached physical size smaller than header size "
+ "(%"PRIuUOFF_T" < %"PRIuUOFF_T")",
+ data->physical_size, data->hdr_size.physical_size));
+ } else if (data->virtual_size < data->hdr_size.virtual_size) {
+ mail_set_cache_corrupted(&mail->mail.mail,
+ MAIL_FETCH_VIRTUAL_SIZE, t_strdup_printf(
+ "Cached virtual size smaller than header size "
+ "(%"PRIuUOFF_T" < %"PRIuUOFF_T")",
+ data->virtual_size, data->hdr_size.virtual_size));
+ } else {
+ data->body_size.physical_size = data->physical_size -
+ data->hdr_size.physical_size;
+ data->body_size.virtual_size = data->virtual_size -
+ data->hdr_size.virtual_size;
+ data->body_size_set = TRUE;
+ }
 }
 }
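Review bot: Both new error branches blame the cached message size (`MAIL_FETCH_PHYSICAL_SIZE`, `MAIL_FETCH_VIRTUAL_SIZE`), but `data->physical_size < data->hdr_size.physical_size` cannot tell which of the two values is wrong, and nothing visible in the hunk invalidates `data->hdr_size`. If `mail_set_cache_corrupted()` does not reset the header size as well (its body is not shown here), a bad cached header size could survive and trip the same check again, so that is worth confirming. The sizes are printed with `PRIuUOFF_T`, so they are unsigned and the old subtraction would have wrapped to a huge body size; I would record that above the `if` with `/* sizes are unsigned: size < hdr_size would wrap around, treat as cache corruption */`. The function starts above the hunk, so the conditions that lead here are not visible.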