From ae49a37a3e82f3b590b8a95e778b56ff5286311f Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <ossi@users.sf.net>
Date: Sat, 12 Apr 2014 15:02:40 +0200
Subject: [PATCH] don't crash on malformed response code

this would happen in the absurd corner case that the response code is
properly terminated with a closing bracket, but the atom itself is an
unterminated double-quoted string.

NOT found by coverity.
---
 src/drv_imap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index 98f23ba..adacc43 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -993,11 +993,13 @@ parse_response_code( imap_store_t *ctx, struct imap_cmd *cmd, char *s )
 		return RESP_OK;		/* no response code */
 	s++;
 	if (!(p = strchr( s, ']' ))) {
+	  bad_resp:
 		error( "IMAP error: malformed response code\n" );
 		return RESP_CANCEL;
 	}
 	*p++ = 0;
-	arg = next_arg( &s );
+	if (!(arg = next_arg( &s )))
+		goto bad_resp;
 	if (!strcmp( "UIDVALIDITY", arg )) {
 		if (!(arg = next_arg( &s )) ||
 		    (ctx->gen.uidvalidity = strtoll( arg, &earg, 10 ), *earg))