File 0001-lib-imap-Don-t-accept-strings-with-NULs.patch of Package dovecot22.12618

From 8d2510b627810f5467704516308088f65a9da389 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 10 May 2019 19:24:51 +0300
Subject: [PATCH 1/2] lib-imap: Don't accept strings with NULs

IMAP doesn't allow NULs except in binary literals. We'll still allow them
in regular literals as well, but just not in strings.

This fixes a bug with unescaping a string with NULs: str_unescape() could
have been called for memory that points outside the allocated string,
causing heap corruption. This could cause crashes or theoretically even
result in remote code execution exploit.

Found by Nick Roessler and Rafi Rubin
---
 src/lib-imap/imap-parser.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib-imap/imap-parser.c b/src/lib-imap/imap-parser.c
index 05eaf7af0..cf2ffd9de 100644
--- a/src/lib-imap/imap-parser.c
+++ b/src/lib-imap/imap-parser.c
@@ -350,6 +350,11 @@ static int imap_parser_read_string(struct imap_parser *parser,
 			break;
 		}
 
+		if (data[i] == '\0') {
+			parser->error = "NULs not allowed in strings";
+			return FALSE;
+		}
+
 		if (data[i] == '\\') {
 			if (i+1 == data_size) {
 				/* known data ends with '\' - leave it to
-- 
2.16.4