|
 |
11c5e2 |
From fcd786753b2ba6b4fb82cc2affea8e0d61889c95 Mon Sep 17 00:00:00 2001
|
|
|
11c5e2 |
From: Timo Sirainen <timo.sirainen@open-xchange.com>
|
|
|
11c5e2 |
Date: Mon, 4 Feb 2019 19:23:02 -0800
|
|
|
11c5e2 |
Subject: [PATCH] lib-storage: Fix buffer overflow when reading oversized
|
|
|
11c5e2 |
hdr-pop3-uidl header
|
|
|
11c5e2 |
|
|
|
11c5e2 |
---
|
|
|
11c5e2 |
src/lib-storage/index/index-pop3-uidl.c | 4 ++--
|
|
|
11c5e2 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
11c5e2 |
|
|
|
11c5e2 |
diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
|
|
|
11c5e2 |
index 13b7363ef6..e537e9ff51 100644
|
|
|
11c5e2 |
--- a/src/lib-storage/index/index-pop3-uidl.c
|
|
|
11c5e2 |
+++ b/src/lib-storage/index/index-pop3-uidl.c
|
|
|
11c5e2 |
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
|
|
|
11c5e2 |
/* this header isn't set yet */
|
|
|
11c5e2 |
return TRUE;
|
|
|
11c5e2 |
}
|
|
|
11c5e2 |
- memcpy(&uidl, data, size);
|
|
|
11c5e2 |
+ memcpy(&uidl, data, sizeof(uidl));
|
|
|
11c5e2 |
return mail->uid <= uidl.max_uid_with_pop3_uidl;
|
|
|
11c5e2 |
}
|
|
|
11c5e2 |
|
|
|
11c5e2 |
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
|
|
|
11c5e2 |
|
|
|
11c5e2 |
/* check if we have already the same header */
|
|
|
11c5e2 |
if (size >= sizeof(uidl)) {
|
|
|
11c5e2 |
- memcpy(&uidl, data, size);
|
|
|
11c5e2 |
+ memcpy(&uidl, data, sizeof(uidl));
|
|
|
11c5e2 |
if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
|
|
|
11c5e2 |
return;
|
|
|
11c5e2 |
}
|