From: Timo Sirainen
Date: Mon, 27 Jul 2009 02:40:02 +0000 (-0400)
Subject: cache file: If offset isn't 32bit aligned, assume it's corrupted.
X-Git-Tag: 2.0.alpha1~380
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8a4851655777e484d70b77bed6a7a8fac5c0c98c;p=thirdparty%2Fdovecot%2Fcore.git
cache file: If offset isn't 32bit aligned, assume it's corrupted.
--HG--
branch : HEAD
---
diff --git a/src/lib-index/mail-cache-lookup.c b/src/lib-index/mail-cache-lookup.c
index 21aaf5c96a..6a661f418b 100644
--- a/src/lib-index/mail-cache-lookup.c
+++ b/src/lib-index/mail-cache-lookup.c
@@ -17,6 +17,12 @@ int mail_cache_get_record(struct mail_cache *cache, uint32_t offset,
 i_assert(offset != 0);
+ if (offset % sizeof(uint32_t) != 0) {
+ /* records are always 32-bit aligned */
+ mail_cache_set_corrupted(cache, "invalid record offset");
+ return -1;
+ }
+
 /* we don't know yet how large the record is, so just guess */
 if (mail_cache_map(cache, offset, sizeof(*rec) + CACHE_PREFETCH) < 0)
 return -1;
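Review bot: The corruption message in the new alignment check, "invalid record offset", does not say which offset was rejected, so a damaged cache file is harder to diagnose from the logs. If mail_cache_set_corrupted accepts printf-style arguments (its prototype is not visible here), `mail_cache_set_corrupted(cache, "invalid record offset %u", offset);` would record it. Separately, the `i_assert(offset != 0)` just above the new check still aborts the process on a zero offset, while a misaligned one is now handled as corruption. It is worth confirming that every caller filters out a zero offset read from the file, otherwise that case should take the corrupted path as well. mail_cache_get_record starts and ends outside the hunk, so its callers and the bounds handling inside mail_cache_map cannot be checked from here.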