From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Mon, 24 Oct 2016 10:28:44 +0000 (+0300)
Subject: lib-index: Fix potential error when reading from uncommitted cache transaction
X-Git-Tag: 2.2.26~53
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a4e044d1934a63c3fbe271d27136fae8512637bf;p=thirdparty%2Fdovecot%2Fcore.git

lib-index: Fix potential error when reading from uncommitted cache transaction

If dovecot.index.cache is compressed during the transaction, the new cache
fields mapping doesn't necessarily match what is in the transaction.

Fixes:
Error: Corrupted index cache file .../dovecot.index.cache: field index too large (27 >= 17)

Although there may be other cache corruption errors it also fixes.
---

diff --git a/src/lib-index/mail-cache-transaction.c b/src/lib-index/mail-cache-transaction.c
index bbd7e9bcb9..9e91b11b23 100644
--- a/src/lib-index/mail-cache-transaction.c
+++ b/src/lib-index/mail-cache-transaction.c
@@ -289,6 +289,14 @@ mail_cache_transaction_lookup_rec(struct mail_cache_transaction_ctx *ctx,
 	const struct mail_cache_transaction_rec *recs;
 	unsigned int i, count;
 
+	if (MAIL_CACHE_IS_UNUSABLE(ctx->cache) ||
+	    ctx->cache_file_seq != ctx->cache->hdr->file_seq) {
+		/* Cache was compressed during this transaction. We can't
+		   safely use the data anymore, since its fields won't match
+		   cache->file_fields_map. */
+		return NULL;
+	}
+
 	recs = array_get(&ctx->cache_data_seq, &count);
 	for (i = *trans_next_idx; i < count; i++) {
 		if (recs[i].seq == seq) {