File 0001-lib-storage-Fix-buffer-overflow-when-readi... of Package dovecot22.16060

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-lib-storage-Fix-buffer-overflow-when-reading-oversiz.patch of Package dovecot22.16060

From 2bac2c68a56f95b6aea5790b98062dccd74e8c69 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 4 Feb 2019 19:23:02 -0800
Subject: [PATCH 1/2] lib-storage: Fix buffer overflow when reading oversized
 hdr-pop3-uidl header

---
 src/lib-storage/index/index-pop3-uidl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
index 13b7363ef..e537e9ff5 100644
--- a/src/lib-storage/index/index-pop3-uidl.c
+++ b/src/lib-storage/index/index-pop3-uidl.c
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
 		/* this header isn't set yet */
 		return TRUE;
 	}
-	memcpy(&uidl, data, size);
+	memcpy(&uidl, data, sizeof(uidl));
 	return mail->uid <= uidl.max_uid_with_pop3_uidl;
 }
 
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
 
 	/* check if we have already the same header */
 	if (size >= sizeof(uidl)) {
-		memcpy(&uidl, data, size);
+		memcpy(&uidl, data, sizeof(uidl));
 		if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
 			return;
 	}
-- 
2.11.0

Places

File 0001-lib-storage-Fix-buffer-overflow-when-reading-oversiz.patch of Package dovecot22.16060

Places