On Thu, May 19, 2005 at 12:34:59PM +0200, Jordi Mallach wrote: > Attached is the current patch, including the testsuite additions that > are failing.
Attached now. -- Jordi Mallach Pérez -- Debian developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sindominio.net/ GnuPG public key information available at http://oskuro.net/
Index: imap4d/fetch.c
===================================================================
RCS file: /cvsroot/mailutils/mailutils/imap4d/fetch.c,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- imap4d/fetch.c 26 Jul 2003 11:07:04 -0000 1.47
+++ imap4d/fetch.c 13 May 2005 09:38:56 -0000 1.48
@@ -1156,6 +1169,10 @@
else
util_send (" \"\"");
}
+ else if (end + 2 < end) /* Check for integer overflow */
+ {
+ return RESP_BAD;
+ }
else
{
char *buffer, *p;
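Review bot: The added guard `end + 2 < end` detects wrap-around only if `end` has an unsigned type; its declaration is outside this hunk, and if it is signed the overflow is undefined behaviour and a compiler may remove the test. Comparing against the type's maximum, e.g. `else if (end > <MAX_OF_END_TYPE> - 2)` (placeholder for the real limit), does not depend on wrap-around at all. Even then, a large value that does not wrap still reaches the final `else` branch that declares `buffer`, which presumably sizes its work from the client-chosen `end`, so bounding `end` by the size of the body being fetched before that branch would be the stronger check. The enclosing function starts and ends outside the hunk.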
Index: imap4d/util.c
===================================================================
RCS file: /cvsroot/mailutils/mailutils/imap4d/util.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- imap4d/util.c 4 Jan 2005 17:16:42 -0000 1.62
+++ imap4d/util.c 13 May 2005 09:39:22 -0000 1.63
@@ -199,13 +199,14 @@
{
errno = 0;
val = strtoul (s, &s, 10);
- if (val == ULONG_MAX && errno == ERANGE)
+ if ((val == ULONG_MAX && errno == ERANGE) || val > max)
{
if (*set)
free (*set);
*n = 0;
return EINVAL;
}
+
if (low)
{
/* Reverse it. */
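Review bot: With `val > max` added, this error path is reachable from any client-supplied number above the maximum, and it frees `*set` without clearing it. If a caller frees or reads its set pointer after an `EINVAL` return (the callers are not visible here), that becomes a double free or use-after-free; adding `*set = NULL;` directly after `free (*set);` removes the hazard. `free (NULL)` is a no-op, so the `if (*set)` guard is not needed. The enclosing function starts and ends outside the hunk.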
@@ -400,26 +401,40 @@
int
util_finish (struct imap4d_command *command, int rc, const char *format, ...)
{
- char *tempbuf = NULL;
+ size_t size;
char *buf = NULL;
+ char *tempbuf = NULL;
int new_state;
int status = 0;
va_list ap;
-
- asprintf (&tempbuf, "%s %s%s %s\r\n", command->tag, sc2string (rc),
- command->name, format);
+ char *sc = sc2string (rc);
+
va_start (ap, format);
- vasprintf (&buf, tempbuf, ap);
+ vasprintf (&tempbuf, format, ap);
va_end (ap);
+ if (!tempbuf)
+ imap4d_bye (ERR_NO_MEM);
+
+ size = strlen (command->tag) + 1 +
+ strlen (sc) + strlen (command->name) + 1 +
+ strlen (tempbuf) + 1;
+ buf = malloc (size);
if (!buf)
imap4d_bye (ERR_NO_MEM);
+ strcpy (buf, command->tag);
+ strcat (buf, " ");
+ strcat (buf, sc);
+ strcat (buf, command->name);
+ strcat (buf, " ");
+ strcat (buf, tempbuf);
+ free (tempbuf);
if (daemon_param.transcript)
- syslog (LOG_DEBUG, "sent: %s", buf);
+ syslog (LOG_DEBUG, "sent: %s\r\n", buf);
- status = stream_sequential_write (ostream, buf, strlen (buf));
+ stream_sequential_write (ostream, buf, strlen (buf));
free (buf);
- free (tempbuf);
+ stream_sequential_write (ostream, "\r\n", 2);
/* Reset the state. */
if (rc == RESP_OK)
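Review bot: The return value of `vasprintf` is ignored and failure is detected only through `if (!tempbuf)`; glibc documents the pointer's contents as undefined after a failed call, so the test should be on the result: `if (vasprintf (&tempbuf, format, ap) < 0) imap4d_bye (ERR_NO_MEM);`. The rewrite also stops assigning the result of `stream_sequential_write` to `status`, so a failed write to the client is no longer recorded; if the rest of util_finish (it continues outside the hunk) returns or acts on `status`, keep `status = stream_sequential_write (ostream, buf, strlen (buf));` and check the second write as well. A one-line comment above the `vasprintf` call saying that `command->tag` and `command->name` are client-controlled and must never be part of a format string would help keep the earlier `asprintf` construction from being reintroduced.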
Index: imap4d/testsuite/imap4d/DISTFILES
===================================================================
RCS file: /cvsroot/mailutils/mailutils/imap4d/testsuite/imap4d/DISTFILES,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- imap4d/testsuite/imap4d/DISTFILES 26 Aug 2002 17:09:32 -0000 1.4
+++ imap4d/testsuite/imap4d/DISTFILES 13 May 2005 10:08:55 -0000 1.5
@@ -1,3 +1,5 @@
+IDEF0955.exp
+IDEF0956.exp
anystate.exp
append.exp
create.exp
Index: mailbox/header.c
===================================================================
RCS file: /cvsroot/mailutils/mailutils/mailbox/header.c,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- mailbox/header.c 2 Jun 2004 11:03:36 -0000 1.65
+++ mailbox/header.c 13 May 2005 09:39:57 -0000 1.66
@@ -710,7 +710,7 @@
{
/* save one for the null */
--buflen;
- len = (len > buflen) ? len : len;
+ len = (len > buflen) ? buflen : len;
memcpy (buf, header->hdr[num].fn, len);
buf[len] = '\0';
}
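Review bot: The corrected clamp is safe only when `buflen` is at least 1 on entry: if `buflen` is unsigned and zero, `--buflen` wraps to the maximum value, the comparison never limits `len`, and both `memcpy` and `buf[len] = '\0'` write into a zero-length buffer. The condition that opens this block is outside the hunk and may already reject that case; if it does not, it should, e.g. `if (buf != NULL && buflen > 0)`. The same `(len > buflen) ? len : len` pattern is worth searching for in the file's other accessor functions, since only this one occurrence is changed here.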
Index: imap4d/testsuite/imap4d/IDEF0955.exp
===================================================================
RCS file: imap4d/testsuite/imap4d/IDEF0955.exp
diff -N imap4d/testsuite/imap4d/IDEF0955.exp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ imap4d/testsuite/imap4d/IDEF0955.exp 13 May 2005 10:08:53 -0000
1.1
@@ -0,0 +1,44 @@
+# -*- tcl -*-
+# This file is part of Mailutils testsuite.
+# Copyright (C) 2005, Free Software Foundation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Mailutils versions prior to 0.6.1 allowed to use any numbers in message
+# sets, even those greater than the maximum id (message number or uid),
+# available in the mailbox.
+# Reported: by idefense.com on Thu, 12 May 2005 13:30:06 -0400
+# References: <[EMAIL PROTECTED]>
+
+imap4d_start
+imap4d_auth "user!passwd" "guessme"
+
+imap4d_test "SELECT mbox1" \
+"5 EXISTS"\
+"5 RECENT"\
+-re {OK \[UIDVALIDITY [0-9]+\] UID valididy status}\
+"OK \[UIDNEXT 6\] Predicted next uid"\
+"OK \[UNSEEN 1\] first unseen messsage"\
+"FLAGS (\\Answered \\Flagged \\Deleted \\Seen \\Draft)"\
+"OK \[PERMANENTFLAGS (\\Answered \\Deleted \\Seen)\] Permanent flags" \
+"OK"
+
+imap4d_test "FETCH 1:4294967294 FLAGS" \
+"BAD FETCH Bogus number set"
+
+imap4d_test "UID FETCH 1:4294967294 FLAGS" \
+"BAD UID FETCH Bogus number set"
+
+# End of IDEF0955.exp
\ No newline at end of file
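Review bot: Both cases place the oversized number only at the upper end of a range and use a value near 2^32, while the `val > max` check added in imap4d/util.c applies to every parsed number. A single number just above the mailbox size is the more direct regression case: with `5 EXISTS` in the SELECT response, something like `imap4d_test "FETCH 6 FLAGS" "BAD FETCH Bogus number set"` would pin the boundary, assuming the server reports it with the same text. The file also ends without a trailing newline, which is worth fixing before it is committed.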
Index: imap4d/testsuite/imap4d/IDEF0956.exp
===================================================================
RCS file: imap4d/testsuite/imap4d/IDEF0956.exp
diff -N imap4d/testsuite/imap4d/IDEF0956.exp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ imap4d/testsuite/imap4d/IDEF0956.exp 13 May 2005 10:08:55 -0000
1.1
@@ -0,0 +1,40 @@
+# -*- tcl -*-
+# This file is part of Mailutils testsuite.
+# Copyright (C) 2005, Free Software Foundation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Mailutils versions prior to 0.6.1 missed check for integer overflow
+# in fetch_io.
+# Reported: by idefense.com on Thu, 12 May 2005 13:30:04 -0400
+# References: <[EMAIL PROTECTED]>
+
+imap4d_start
+imap4d_auth "user!passwd" "guessme"
+
+imap4d_test "SELECT mbox1" \
+"5 EXISTS"\
+"5 RECENT"\
+-re {OK \[UIDVALIDITY [0-9]+\] UID valididy status}\
+"OK \[UIDNEXT 6\] Predicted next uid"\
+"OK \[UNSEEN 1\] first unseen messsage"\
+"FLAGS (\\Answered \\Flagged \\Deleted \\Seen \\Draft)"\
+"OK \[PERMANENTFLAGS (\\Answered \\Deleted \\Seen)\] Permanent flags" \
+"OK"
+
+imap4d_test "FETCH 1 BODY\[TEXT\]<0.4294967294>" \
+"BAD FETCH Completed"
+
+# End of IDEF0956.exp
\ No newline at end of file
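Review bot: The partial-fetch spec `<0.4294967294>` makes `end + 2` wrap only where the variable is 32 bits wide; where it is 64 bits the sum does not overflow, the new guard in imap4d/fetch.c is not taken, and the expected `BAD FETCH Completed` would presumably not be produced (the variable's type is not visible in this patch). A comment stating the assumption, e.g. `# assumes a 32-bit length type in fetch_io`, or a second case built from the platform's maximum value, would make the test's scope explicit. This may be related to the testsuite failures the message mentions, though nothing on the page confirms that.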

