On Thu, Jun 18, 2026 at 08:16:43AM +0800, Kevin J. McCarthy wrote: > On Thu, Jun 18, 2026 at 08:09:10AM +0800, Kevin J. McCarthy wrote: > > ----- Forwarded message from Acts1631 <[email protected]> ----- > > From: Acts1631 <[email protected]> > > imap_alloc_msn_index() checks for maliciously large IMAP message sequence > > number counts before allocating idata->msn_index: > > > > if (msn_count >= (UINT_MAX / sizeof(HEADER *))) > > { > > mutt_error _("Integer overflow -- can't allocate memory."); > > sleep(1); > > mutt_exit(1); > > } > > > > Calling mutt_exit(1) terminates the mutt process. A robust IMAP client > > should reject the mailbox/update and return an error to the caller instead > > of exiting the program. > > This is a NAK for me. I'm open for debate on this, but defifinitely not > before 2.4.0.
I think the important part in the original message is: | A malicious IMAP server sends a large message count that Exiting is totally fine when we detect we talk to a malicious server. But the error message is not good. What is the overflow? Where is it coming from? The message should give the user a hint that the server is reporting a unplausible message count.
