Sam Varshavchik wrote:
> This turns out to be a tiny bug in the GNU libidn library causing all sorts
> of crap happen in Courier-IMAP. I'm not a happy camper today. I need to
> figure out how to work around this bug...

So, you succeeded in reproducing the crash in your environment, didn't you?

But excuse me, are you sure that this is a bug in the GNU libidn library?
0xe3 is the first byte of a 3-byte UTF-8 character.
Is it legal to pass 0xe3 without the two subsequent valid bytes?

It seems to me that the crash no longer occurs if we allocate a larger buffer
on the courier-imap side.

diff -urp courier-imap-4.9.3.orig/rfc822/rfc2047u.c 
courier-imap-4.9.3/rfc822/rfc2047u.c
--- courier-imap-4.9.3.orig/rfc822/rfc2047u.c
+++ courier-imap-4.9.3/rfc822/rfc2047u.c
@@ -511,7 +511,7 @@ int rfc2047_print_unicodeaddr(const stru
                                        save_unicode_text, &nbuf) < 0)
                        return -1;
 
-               nbuf.bufptr=malloc(nbuf.bufsize);
+               nbuf.bufptr=calloc(1, nbuf.bufsize + 128);
                nbuf.bufsize=0;
                if (!nbuf.bufptr)
                        return -1;
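Review bot: the "+ 128" in the calloc(1, nbuf.bufsize + 128) line is an unexplained magic number that pads past the size held in nbuf.bufsize, so it hides the overrun instead of bounding it; any input that makes the later fill write more than 128 bytes beyond that size would still overflow. It would be better to find why the bytes written exceed the counted size and have the writer check against the allocated length. If the pad stays as a stopgap, it needs a comment stating what it compensates for. The switch from malloc to calloc also makes the buffer zero-filled without saying why; if that is covering for a missing terminator, the terminator should be written explicitly.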
diff -urp courier-imap-4.9.3.orig/rfc822/rfc822_getaddr.c 
courier-imap-4.9.3/rfc822/rfc822_getaddr.c
--- courier-imap-4.9.3.orig/rfc822/rfc822_getaddr.c
+++ courier-imap-4.9.3/rfc822/rfc822_getaddr.c
@@ -36,7 +36,7 @@ char  *addrbuf, *ptr;
 
        rfc822tok_print(t, &cntlen, &addrbuflen);
 
-       if (!(addrbuf=malloc(addrbuflen+1)))
+       if (!(addrbuf=calloc(1, addrbuflen+1+128)))
                return (0);
 
        ptr=addrbuf;
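Review bot: addrbuflen+1+128 in the calloc line repeats the same unexplained 128-byte pad on top of the length filled in by rfc822tok_print(t, &cntlen, &addrbuflen); if the writes through ptr can go past addrbuflen+1, the counting pass and the writing pass disagree, and that mismatch is the thing to fix, since a fixed pad only moves the point at which the buffer overflows. The constant is also duplicated from the rfc2047u.c hunk; at minimum it should be a single named macro with a comment explaining the slack, and the sum should be checked so that it cannot wrap for a very large addrbuflen.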
