Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
dovecot22.7810
8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch of Package dovecot22.7810
commit 8b2d740b8182c63b76ff7ef0dd5e01710228705a Author: Timo Sirainen <timo.sirainen@dovecot.fi> Date: Fri Jun 30 17:51:34 2017 +0300 imap: Add more error checking to NOTIFY parameter parsing This should make it clearer to realize when invalid syntax is being used rather than just ignoring the problem. diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c index 7d3fd60c7..641c1d7b1 100644 --- a/src/imap/cmd-notify.c +++ b/src/imap/cmd-notify.c @@ -41,6 +41,8 @@ static int cmd_notify_parse_fetch(struct imap_notify_context *ctx, const struct imap_arg *list) { + if (list->type == IMAP_ARG_EOL) + return -1; /* at least one attribute must be set */ return imap_fetch_att_list_parse(ctx->client, ctx->pool, list, &ctx->fetch_ctx, &ctx->error); } @@ -59,11 +61,17 @@ cmd_notify_set_selected(struct imap_notify_context *ctx, strcasecmp(str, "NONE") == 0) { /* no events for selected mailbox. this is also the default when NOTIFY command doesn't specify it explicitly */ + if (events[1].type != IMAP_ARG_EOL) + return -1; /* no extra parameters */ return 0; } if (!imap_arg_get_list(events, &list)) return -1; + if (events[1].type != IMAP_ARG_EOL) + return -1; /* no extra parameters */ + if (list->type == IMAP_ARG_EOL) + return -1; /* at least one event */ for (; list->type != IMAP_ARG_EOL; list++) { if (cmd_notify_parse_event(list, &event) < 0) @@ -322,6 +330,15 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) if (event_group->type == IMAP_ARG_EOL) return -1; mailboxes = event_group++; + /* check that the mailboxes parameter is valid */ + if (IMAP_ARG_IS_ASTRING(mailboxes)) + ; + else if (!imap_arg_get_list(mailboxes, &list)) + return -1; + else if (list->type == IMAP_ARG_EOL) { + /* should have at least one mailbox */ + return -1; + } } else { mailboxes = NULL; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor