From ae49a37a3e82f3b590b8a95e778b56ff5286311f Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Sat, 12 Apr 2014 15:02:40 +0200 Subject: [PATCH] don't crash on malformed response code this would happen in the absurd corner case that the response code is properly terminated with a closing bracket, but the atom itself is an unterminated double-quoted string. NOT found by coverity. --- src/drv_imap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/drv_imap.c b/src/drv_imap.c index 98f23ba..adacc43 100644 --- a/src/drv_imap.c +++ b/src/drv_imap.c @@ -993,11 +993,13 @@ parse_response_code( imap_store_t *ctx, struct imap_cmd *cmd, char *s ) return RESP_OK; /* no response code */ s++; if (!(p = strchr( s, ']' ))) { + bad_resp: error( "IMAP error: malformed response code\n" ); return RESP_CANCEL; } *p++ = 0; - arg = next_arg( &s ); + if (!(arg = next_arg( &s ))) + goto bad_resp; if (!strcmp( "UIDVALIDITY", arg )) { if (!(arg = next_arg( &s )) || (ctx->gen.uidvalidity = strtoll( arg, &earg, 10 ), *earg))