From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Tue, 3 May 2016 12:27:22 +0000 (+0300)
Subject: lib-storage: Fixed potential crash in mailbox_sync_deinit() error handling
X-Git-Tag: 2.3.0.rc1~3861
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d2c9e28ba48898e56f3ccd763d3aa947fcc2eb98;p=thirdparty%2Fdovecot%2Fcore.git

lib-storage: Fixed potential crash in mailbox_sync_deinit() error handling

If mailbox_sync*() was called before mailbox was opened, the automatic
mailbox opening could fail. mailbox_sync_deinit() would still try to access
box->view, which would be NULL.
---

diff --git a/src/lib-storage/index/index-sync.c b/src/lib-storage/index/index-sync.c
index 0d4aba0ce4..8b47937ae5 100644
--- a/src/lib-storage/index/index-sync.c
+++ b/src/lib-storage/index/index-sync.c
@@ -291,6 +291,17 @@ void index_sync_update_recent_count(struct mailbox *box)
 	}
 }
 
+static void index_mailbox_sync_free(struct index_mailbox_sync_context *ctx)
+{
+	if (array_is_created(&ctx->flag_updates))
+		array_free(&ctx->flag_updates);
+	if (array_is_created(&ctx->hidden_updates))
+		array_free(&ctx->hidden_updates);
+	if (array_is_created(&ctx->all_flag_update_uids))
+		array_free(&ctx->all_flag_update_uids);
+	i_free(ctx);
+}
+
 int index_mailbox_sync_deinit(struct mailbox_sync_context *_ctx,
 			      struct mailbox_sync_status *status_r)
 {
@@ -314,6 +325,10 @@ int index_mailbox_sync_deinit(struct mailbox_sync_context *_ctx,
 			ret = -1;
 		}
 	}
+	if (ret < 0) {
+		index_mailbox_sync_free(ctx);
+		return -1;
+	}
 	index_mailbox_expunge_unseen_recent(ctx);
 
 	if ((_ctx->box->flags & MAILBOX_FLAG_DROP_RECENT) == 0 &&
@@ -327,18 +342,10 @@ int index_mailbox_sync_deinit(struct mailbox_sync_context *_ctx,
 
 	/* update search results after private index is updated */
 	index_sync_search_results_update(ctx);
-
-	if (array_is_created(&ctx->flag_updates))
-		array_free(&ctx->flag_updates);
-	if (array_is_created(&ctx->hidden_updates))
-		array_free(&ctx->hidden_updates);
-	if (array_is_created(&ctx->all_flag_update_uids))
-		array_free(&ctx->all_flag_update_uids);
-
 	/* update vsize header if wanted */
-	if (ret == 0)
-		index_mailbox_vsize_update_appends(_ctx->box);
-	i_free(ctx);
+	index_mailbox_vsize_update_appends(_ctx->box);
+
+	index_mailbox_sync_free(ctx);
 	return ret;
 }