From: Aki Tuomi Date: Thu, 5 Jan 2017 08:50:55 +0000 (+0200) Subject: lib-storage: Prevent recursion in header parsing X-Git-Tag: 2.3.0.rc1~2325 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b44fc75c0039d1006ce4d543544552449b8e229;p=thirdparty%2Fdovecot%2Fcore.git lib-storage: Prevent recursion in header parsing If header parsing error occurs and error handling tries to get fields, such as Message-ID, it will cause crash. This fixes problem by preventing reading from non-cached headers while they are being parsed. Fixes lmtp: Panic: file ../../../src/lib/array.h: line 219 (array_idx_i): assertion failed: (idx * array->element_size < array->buffer->used) --- diff --git a/src/lib-storage/index/index-mail-headers.c b/src/lib-storage/index/index-mail-headers.c index ae5cad6730..27ea3148bf 100644 --- a/src/lib-storage/index/index-mail-headers.c +++ b/src/lib-storage/index/index-mail-headers.c @@ -634,7 +634,14 @@ index_mail_get_raw_headers(struct index_mail *mail, const char *field, _mail->seq, &field_idx, 1) <= 0) { /* not in cache / error - first see if it's already parsed */ p_free(mail->mail.data_pool, dest); - + if (mail->data.header_parser_initialized) { + /* don't try to parse headers recursively. we're here + because message size was wrong and istream-mail + wants to log some cached headers. */ + i_assert(mail->lookup_abort == MAIL_LOOKUP_ABORT_NOT_IN_CACHE); + mail_set_aborted(mail); + return -1; + } if (mail->header_seq != mail->data.seq || index_mail_header_is_parsed(mail, field_idx) < 0) { /* parse */
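Review bot: The `i_assert(mail->lookup_abort == MAIL_LOOKUP_ABORT_NOT_IN_CACHE);` in the new `header_parser_initialized` branch turns the recursion guard into a second panic site. The commit message describes the bug as an assertion failure that crashes lmtp, and the comment assumes the only way to get here is istream-mail logging cached headers after a wrong message size. If any other caller re-enters `index_mail_get_raw_headers()` while the parser is initialized without having set that lookup mode, the process aborts again instead of failing the lookup. Since `mail_set_aborted(mail); return -1;` is already safe for every re-entrant caller, consider dropping the assert, or replacing it with a logged error, so the guard holds unconditionally. If the assert is kept, the comment should say where `lookup_abort` is set on this path so the invariant can be checked against the caller. Minor style point: the blank line that separated `p_free(mail->mail.data_pool, dest);` from the following check is removed; keeping it before the new `if` would leave the two steps visually distinct.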