Subject: libc-client2002edebian: Segfaults if IMAP server sends more than 30 user flags
Package: libc-client2002edebian
Version: 7:2002edebian1-13.1
Severity: important
Tags: patch

After starting a connection to an IMAP server and selecting a folder, the
c-client reads the FLAGS response from the server into a buffer
"stream->user_flags" whose size is NUSERFLAGS (30).  However, it doesn't
check that it hasn't overrun this buffer, so if the server returns more than
30 user-defined flags, c-client segfaults.

Here is a patch which fixes the problem:

diff -Nur uw-imap-2002edebian1/src/c-client/imap4r1.c 
uw-imap-2002edebian1-patched/src/c-client/imap4r1.c
--- uw-imap-2002edebian1/src/c-client/imap4r1.c 2003-07-11 01:09:36.000000000 
+0100
+++ uw-imap-2002edebian1-patched/src/c-client/imap4r1.c 2008-10-07 
14:51:42.000000000 +0100
@@ -3330,7 +3330,15 @@
       fs_give ((void **) &stream->user_flags[i++]);
     i = 0;                     /* add flags */
     if (reply->text && (s = (char *) strtok (reply->text+1," )"))) do
-      if (*s != '\\') stream->user_flags[i++] = cpystr (s);
+      if (*s != '\\') {
+        if (i < NUSERFLAGS) {
+          stream->user_flags[i++] = cpystr (s);
+        }
+        else {
+          sprintf (LOCAL->tmp,"No room to add user flag: %.80s",s);
+          mm_log (LOCAL->tmp,WARN);
+        }
+      }
     while (s = (char *) strtok (NIL," )"));
   }
   else if (!strcmp (reply->key,"SEARCH")) {
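
Review bot: In the new else branch, mm_log is called once for every flag past NUSERFLAGS, so a server that sends a very long FLAGS list produces one warning per extra flag; consider recording the overflow inside the loop and logging a single warning after the `while`. The `i < NUSERFLAGS` test is the right bound for the store into stream->user_flags. The sprintf into LOCAL->tmp relies on `%.80s` to cap the server-supplied text, and the size of LOCAL->tmp is not visible in this hunk, so it is worth confirming that it holds the fixed prefix plus 80 characters. A short comment saying that user flags beyond the limit are dropped would also help later readers.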





-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages libc-client2002edebian depends on:
ii  deb 1.5.11etch2                          Debian configuration management sy
ii  lib 2.3.6.ds1-13etch7                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-7etch6                         MIT Kerberos runtime libraries
ii  lib 0.79-5                               Pluggable Authentication Modules f
ii  lib 0.79-5                               Pluggable Authentication Modules l
ii  lib 0.9.8c-4etch3                        SSL shared libraries
ii  mlo 7:2002edebian1-13.1                  Mailbox locking program from UW

libc-client2002edebian recommends no packages.

-- debconf information excluded
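
The bounded FLAGS parse described in the report, as a self-contained added example (not c-client code and not the reporter's patch). `struct flag_table`, `parse_flags` and `demo` are hypothetical names, the input is constructed, and dropped flags are summarised in one warning rather than one per flag.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NUSERFLAGS 30                 /* limit cited in the report */
struct flag_table {                   /* hypothetical stand-in, not c-client's stream */
    char *user_flags[NUSERFLAGS];
    int count, dropped;               /* slots filled / flags that did not fit */
};

/* Parse FLAGS response text such as "(\Seen custom1 custom2)" in place.
 * System flags (leading backslash) are skipped, as in the patched loop. */
int parse_flags(struct flag_table *t, char *text) {
    char *s;
    t->count = t->dropped = 0;
    if (!text || *text != '(') return 0;
    for (s = strtok(text + 1, " )"); s; s = strtok(NULL, " )")) {
        if (*s == '\\') continue;
        if (t->count < NUSERFLAGS) {  /* bound checked before every store */
            char *copy = malloc(strlen(s) + 1);
            if (!copy) break;
            t->user_flags[t->count++] = strcpy(copy, s);
        } else {
            t->dropped++;             /* count it, never write past the array */
        }
    }
    if (t->dropped)                   /* one summary warning, not one per flag */
        fprintf(stderr, "No room for %d user flag(s)\n", t->dropped);
    return t->count;
}

/* Build a constructed response carrying n user flags, parse it, clean up. */
int demo(int n, int *dropped) {
    static char buf[4096];
    struct flag_table t;
    int i, len = snprintf(buf, sizeof buf, "(\\Seen \\Deleted");
    for (i = 0; i < n && len < (int) sizeof buf - 16; i++)
        len += snprintf(buf + len, sizeof buf - len, " flag%d", i);
    snprintf(buf + len, sizeof buf - len, ")");
    parse_flags(&t, buf);
    for (i = 0; i < t.count; i++) free(t.user_flags[i]);
    *dropped = t.dropped;
    return t.count;
}

int main(void) {
    int d, n = demo(35, &d);          /* constructed: 35 user flags */
    printf("stored=%d dropped=%d\n", n, d);
    return 0;
}
```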


