File 0001-lib-storage-Fix-buffer-overflow-when-reading-oversiz.patch of Package dovecot23.10955
From 578cf77e84b3d25e2f95f08133a2b0b212aa77cc Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 4 Feb 2019 19:23:02 -0800
Subject: [PATCH 1/2] lib-storage: Fix buffer overflow when reading oversized
hdr-pop3-uidl header
---
src/lib-storage/index/index-pop3-uidl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
index 13b7363ef..e537e9ff5 100644
--- a/src/lib-storage/index/index-pop3-uidl.c
+++ b/src/lib-storage/index/index-pop3-uidl.c
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
/* this header isn't set yet */
return TRUE;
}
- memcpy(&uidl, data, size);
+ memcpy(&uidl, data, sizeof(uidl));
return mail->uid <= uidl.max_uid_with_pop3_uidl;
}
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
/* check if we have already the same header */
if (size >= sizeof(uidl)) {
- memcpy(&uidl, data, size);
+ memcpy(&uidl, data, sizeof(uidl));
if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
return;
}
--
2.11.0