commit ba13362a52d8749731ba645e5e50e47862a5b91d
Author: Oswald Buddenhagen <o...@users.sf.net>
Date:   Wed Nov 24 17:22:04 2021 +0100

    deal with oversized messages in maildirs
    
    don't try to read messages > 2G, as that will only lead to trouble down
    the line.
    
    this wouldn't have worked on linux anyway (we read in one chunk, and
    that is limited to (2^31 - 2^12) on all architectures), but on
    platforms where big reads work, this was a security problem if one
    synchronized other users' maildirs.
    
    as a minor fix on the side, we now also clip the reported message size,
    so MaxSize works for excessively big messages.

 src/drv_maildir.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/drv_maildir.c b/src/drv_maildir.c
index ea4195d..f916632 100644
--- a/src/drv_maildir.c
+++ b/src/drv_maildir.c
@@ -1168,7 +1168,8 @@ maildir_scan( maildir_store_t *ctx, msg_t_array_alloc_t 
*msglist )
                                        }
                                        goto retry;
                                }
-                               entry->size = (uint)st.st_size;
+                               // The clipped value is good enough for MaxSize 
comparisons.
+                               entry->size = st.st_size > UINT_MAX ? UINT_MAX 
: (uint)st.st_size;
                        }
                        if (want_tuid || want_msgid) {
                                if (!(f = fopen( buf, "r" ))) {
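Review bot: After this change `entry->size` saturates at `UINT_MAX` instead of wrapping, so for files of 4 GiB or more it is no longer an exact size, and the comment should say so to keep later code from using it for buffer sizing: `// Saturates at UINT_MAX; only for MaxSize comparisons, never for allocation or read lengths.` The fetch path in the second hunk rejects anything above `INT_MAX`, so messages between 2 GiB and 4 GiB are still listed here with their real size and will presumably fail at fetch time unless MaxSize excludes them; that may be intended but is worth stating. maildir_scan's body continues outside the hunk.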
@@ -1563,12 +1564,17 @@ maildir_fetch_msg( store_t *gctx, message_t *gmsg, 
msg_data_t *data, int minimal
                }
        }
        fstat( fd, &st );
+       if (st.st_size > INT_MAX) {
+               error( "Maildir error: %s is too big", buf );
+               goto mbad;
+       }
        data->len = st.st_size;
        if (data->date == -1)
                data->date = st.st_mtime;
        data->data = nfmalloc( data->len );
        if (read( fd, data->data, data->len ) != data->len) {
                sys_error( "Maildir error: cannot read %s", buf );
+         mbad:
                close( fd );
                cb( DRV_MSG_BAD, aux );
                return;
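Review bot: The new `st.st_size > INT_MAX` guard reads `st` right after an `fstat( fd, &st )` whose return value is ignored, so if that call fails, the size check and the following `data->len = st.st_size` work on indeterminate data and the oversize protection is not reliable. Checking the call, e.g. `if (fstat( fd, &st )) { sys_error( "Maildir error: cannot stat %s", buf ); goto mbad; }`, would make the guard dependable. Separately, `mbad:` sits inside the body of the `read()` failure `if`, so the new `goto` jumps into a nested block; that is valid C but easy to break in a later edit, and a comment such as `// also reached from the size check above` on the label would help. maildir_fetch_msg starts and ends outside the hunk.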

