Blob Blame History Raw
From a56b0636b1bf9c7677c6fca9681f48752af700a1 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 17 May 2019 10:33:53 +0300
Subject: [PATCH 2/2] lib-imap: Make sure str_unescape() won't be writing past
 allocated memory

The previous commit should already prevent this, but this makes sure it
can't become broken in the future either. It makes the performance a tiny
bit worse, but that's not practically noticeable.
---
 src/lib-imap/imap-parser.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/lib-imap/imap-parser.c b/src/lib-imap/imap-parser.c
index f41668d7a..7f58d99e2 100644
--- a/src/lib-imap/imap-parser.c
+++ b/src/lib-imap/imap-parser.c
@@ -267,10 +267,8 @@ static void imap_parser_save_arg(struct imap_parser *parser,
 
 		/* remove the escapes */
 		if (parser->str_first_escape >= 0 &&
-		    (parser->flags & IMAP_PARSE_FLAG_NO_UNESCAPE) == 0) {
-			/* -1 because we skipped the '"' prefix */
-			(void)str_unescape(str + parser->str_first_escape-1);
-		}
+		    (parser->flags & IMAP_PARSE_FLAG_NO_UNESCAPE) == 0)
+			(void)str_unescape(str);
 		arg->_data.str = str;
 		arg->str_len = strlen(str);
 		break;
-- 
2.11.0