35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From 578cf77e84b3d25e2f95f08133a2b0b212aa77cc Mon Sep 17 00:00:00 2001
|
|
From: Timo Sirainen <timo.sirainen@open-xchange.com>
|
|
Date: Mon, 4 Feb 2019 19:23:02 -0800
|
|
Subject: [PATCH 1/2] lib-storage: Fix buffer overflow when reading oversized
|
|
hdr-pop3-uidl header
|
|
|
|
---
|
|
src/lib-storage/index/index-pop3-uidl.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
|
|
index 13b7363ef..e537e9ff5 100644
|
|
--- a/src/lib-storage/index/index-pop3-uidl.c
|
|
+++ b/src/lib-storage/index/index-pop3-uidl.c
|
|
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
|
|
/* this header isn't set yet */
|
|
return TRUE;
|
|
}
|
|
- memcpy(&uidl, data, size);
|
|
+ memcpy(&uidl, data, sizeof(uidl));
|
|
return mail->uid <= uidl.max_uid_with_pop3_uidl;
|
|
}
|
|
|
|
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
|
|
|
|
/* check if we have already the same header */
|
|
if (size >= sizeof(uidl)) {
|
|
- memcpy(&uidl, data, size);
|
|
+ memcpy(&uidl, data, sizeof(uidl));
|
|
if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
|
|
return;
|
|
}
|
|
--
|
|
2.11.0
|