On 07/15/2010 05:23 PM, Henrique de Moraes Holschuh wrote:

Heh, you can already use whatever we have in the experimental branch, it is
good enough for limited use :)


This isn't entirely true. This patch, which I mentioned previously, looks like it could lead to header corruption in the saved header stored in ibuf:
-------------------------------------------
10-fix_potential_overflows.dpatch:
--- git~/imap/message.c 2010-01-16 19:22:57.000000000 -0200
+++ git/imap/message.c  2010-01-16 19:27:30.915091898 -0200
@@ -996,7 +996,7 @@
     /* Save header value */
     len = hdrend - hdr;
     message_ibuf_ensure(ibuf, len+2);
-    strncpy(ibuf->end, hdr, len);
+    strncpy(ibuf->end, hdr, len+1);
     ibuf->end += len;
     *(ibuf->end)++ = '\r';
     *(ibuf->end)++ = '\n';
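Review bot: On the changed strncpy line, the count len+1 makes the call read hdr[len], one byte past the len = hdrend - hdr span that holds the header value, and write it to ibuf->end[len]. The next lines advance ibuf->end by only len and then store '\r' at that same position, so the extra byte is not kept as a terminator, and the change adds a read beyond the value without adding anything to the saved header. message_ibuf_ensure(ibuf, len+2) already reserves room for the value plus CRLF, so the destination was not short before the change. If there is a real overflow to fix, the patch description should say where it is. Otherwise keep the count at len, or use memcpy(ibuf->end, hdr, len), since the length is known and no NUL terminator is wanted here.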
------------------------------------------

This is kind of an insane situation that there are bug fix patches hanging around that have been in the Debian source package since 2.3.8 which haven't been pushed upstream. As a result, I don't trust any of the patches until I've checked them myself. And since I don't understand what patches 12, 13 are doing, I'm hoping you'll have time to go over them soon.

Meanwhile, I'm going over the patches the Red Hat people added to cyrus-imapd-2.3.16-5.src (actually, first comparing the differences between this newer version and cyrus-imapd-2.3.16-3.fc13.src) to see if there's anything there that needs to be migrated to the Debian package.

I haven't done any C programming in a loooong time, so part of the delay on my part was getting back up to speed in C. Now that that's done, I hope to be through this in a few days (modulo being out of town all next week).


