reject unreasonably long mailbox names from IMAP LIST

this wasn't really a security problem, as the name mapping we actually do does not change the string length, and the iteration was already safe after the literal length fix, but it's still better to catch weird input.
2021-11-24 18:24:00 +01:00 · 2021-11-24 18:24:00 +01:00 · 127003ee37
commit 127003ee37
parent 92921b1d3b
1 changed files with 4 additions and 0 deletions
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@ -1439,6 +1439,10 @@ parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED )
 	}
 	arg = list->val;
 	argl = (int)list->len;
+	if (argl > 1000) {
+		warn( "IMAP warning: ignoring unreasonably long mailbox name '%.100s[...]'\n", arg );
+		return LIST_OK;
+	}
 	// The server might be weird and have a non-uppercase INBOX. It
 	// may legitimately do so, but we need the canonical spelling.
 	normalize_INBOX( ctx, arg, argl );