From e57a8602b45f58edf7b3ffb61bb17525d75dfcb1 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Fri, 13 Jul 2018 12:35:50 -0700 Subject: [PATCH] Verify IMAP status mailbox literal count size. Ensure the length isn't bigger than the idata->buf. Thanks to Jeriko One fo the bug report and patch, which this commit is based upon. --- imap/command.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/imap/command.c b/imap/command.c index bb267f62..6abd759d 100644 --- a/imap/command.c +++ b/imap/command.c @@ -969,6 +969,13 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s) idata->status = IMAP_FATAL; return; } + + if (strlen(idata->buf) < litlen) + { + dprint (1, (debugfile, "Error parsing STATUS mailbox\n")); + return; + } + mailbox = idata->buf; s = mailbox + litlen; *s = '\0'; -- 2.13.6