sipp11
/
mbsync
mirror of https://git.code.sf.net/p/isync/isync
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

reject unreasonably long mailbox names from IMAP LIST 

this wasn't really a security problem, as the name mapping we actually
do does not change the string length, and the iteration was already
safe after the literal length fix, but it's still better to catch weird
input.
1.4
Oswald Buddenhagen 3 years ago
parent
92921b1d3b
commit
127003ee37
1 changed files with 4 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      src/drv_imap.c

4
src/drv_imap.c
Unescape View File

@ -1439,6 +1439,10 @@ parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED )
} }
arg = list->val; arg = list->val;
argl = (int)list->len; argl = (int)list->len;
if (argl > 1000) {
warn( "IMAP warning: ignoring unreasonably long mailbox name '%.100s[...]'\n", arg );
return LIST_OK;
}
// The server might be weird and have a non-uppercase INBOX. It // The server might be weird and have a non-uppercase INBOX. It
// may legitimately do so, but we need the canonical spelling. // may legitimately do so, but we need the canonical spelling.
normalize_INBOX( ctx, arg, argl ); normalize_INBOX( ctx, arg, argl );

Write Preview
Loading…
Cancel
Save