lobo/isync
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

reject unreasonably long mailbox names from IMAP LIST

Browse source 
this wasn't really a security problem, as the name mapping we actually
do does not change the string length, and the iteration was already
safe after the literal length fix, but it's still better to catch weird
input.
This commit is contained in:
Oswald Buddenhagen 2021-11-24 18:24:00 +01:00
parent 92921b1d3b
commit 127003ee37
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/drv_imap.c
View file

@ -1439,6 +1439,10 @@ parse_list_rsp_p2( imap_store_t *ctx, list_t *list, char *cmd ATTR_UNUSED )
}
arg = list->val;
argl = (int)list->len;
if (argl > 1000) {
warn( "IMAP warning: ignoring unreasonably long mailbox name '%.100s[...]'\n", arg );
return LIST_OK;
}
// The server might be weird and have a non-uppercase INBOX. It
// may legitimately do so, but we need the canonical spelling.
normalize_INBOX( ctx, arg, argl );