From e57a8602b45f58edf7b3ffb61bb17525d75dfcb1 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Fri, 13 Jul 2018 12:35:50 -0700
Subject: [PATCH] Verify IMAP status mailbox literal count size.
Ensure the length isn't bigger than the idata->buf.
Thanks to Jeriko One fo the bug report and patch, which this commit is
based upon.
---
imap/command.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/imap/command.c b/imap/command.c
index bb267f62..6abd759d 100644
--- a/imap/command.c
+++ b/imap/command.c
@@ -969,6 +969,13 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
idata->status = IMAP_FATAL;
return;
}
+
+ if (strlen(idata->buf) < litlen)
+ {
+ dprint (1, (debugfile, "Error parsing STATUS mailbox\n"));
+ return;
+ }
+
mailbox = idata->buf;
s = mailbox + litlen;
*s = '\0';
--
2.13.6