From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Thu, 20 Oct 2016 21:25:20 +0000 (+0300)
Subject: imap-hibernate: Fix "DONE" handling.
X-Git-Tag: 2.2.26~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f9c05266efc5fc665b0563521a78853fe445167e;p=thirdparty%2Fdovecot%2Fcore.git

imap-hibernate: Fix "DONE" handling.

1. If only "DONE\r\n" was sent, it randomly failed with BAD because of
out-of-bounds buffer read.

2. If "DONE\r\n" was followed by a command tag but no space afterwards, we
kept waiting for the input to continue. But since the DONE was already sent,
we should break the IDLE already at that point without any further waiting.
---

diff --git a/src/imap-hibernate/imap-client.c b/src/imap-hibernate/imap-client.c
index c53e5d3eec..bda80f99f6 100644
--- a/src/imap-hibernate/imap-client.c
+++ b/src/imap-hibernate/imap-client.c
@@ -278,6 +278,8 @@ imap_client_input_parse(const unsigned char *data, size_t size, const char **tag
 	if (data[0] != '\n')
 		return IMAP_CLIENT_INPUT_STATE_BAD;
 	data++; size--;
+	if (size == 0)
+		return state;
 
 	tag_start = data;
 
@@ -289,7 +291,7 @@ imap_client_input_parse(const unsigned char *data, size_t size, const char **tag
 	tag_end = data;
 
 	if (size == 0)
-		return IMAP_CLIENT_INPUT_STATE_UNKNOWN;
+		return state;
 	if (data[0] != ' ')
 		return IMAP_CLIENT_INPUT_STATE_BAD;
 	data++; size--;