From: Timo Sirainen Date: Wed, 15 Oct 2025 07:09:03 +0000 (+0300) Subject: lib-storage: Fix potential crash with SEARCH MIMEPART FILENAME ENDS X-Git-Tag: 2.4.2~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e638a98dc7ee23dda677f9519fa9c002eb6478d5;p=thirdparty%2Fdovecot%2Fcore.git lib-storage: Fix potential crash with SEARCH MIMEPART FILENAME ENDS If the search value was longer than the checked filename, it accessed memory outside the allocated buffer.
---
diff --git a/src/lib-storage/index/index-search-mime.c b/src/lib-storage/index/index-search-mime.c
index 95ad0ee628..ded94a9da4 100644
--- a/src/lib-storage/index/index-search-mime.c
+++ b/src/lib-storage/index/index-search-mime.c
@@ -283,7 +283,8 @@ search_arg_mime_filename_match(struct search_mimepart_context *mpctx,
 case SEARCH_MIME_FILENAME_ENDS:
 vlen = strlen(value);
 alen = strlen(key);
- return (str_begins_with(value + (vlen - alen), key) ? 1 : 0);
+ return (vlen >= alen &&
+ str_begins_with(value + (vlen - alen), key) ? 1 : 0);
 default:
 break;
 }
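Review bot: The new return in the SEARCH_MIME_FILENAME_ENDS case relies on `&&` binding tighter than `?:`, which is correct but easy to misread in a bounds check; parenthesising the condition makes the guard explicit: `return ((vlen >= alen && str_begins_with(value + (vlen - alen), key)) ? 1 : 0);`. A short comment such as `/* a key longer than the filename can never match; the length test must come first so vlen - alen cannot wrap */` would record why the order of the two operands matters (vlen and alen are declared outside the hunk, presumably as size_t). Because the key is taken from the SEARCH MIMEPART FILENAME ENDS argument, a regression test with a key longer than the filename, run under a memory checker, would pin the fix; none is visible in this diff. The function body starts and ends outside the hunk.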