deal with oversized messages in maildirs

don't try to read messages > 2G, as that will only lead to trouble down
the line.

this wouldn't have worked on linux anyway (we read in one chunk, and
that is limited to (2^31 - 2^12) on all architectures), but on
platforms were big reads work, this was a security problem if one
synchronized other users' maildirs.

as a minor fix on the side, we now also clip the reported message size,
so MaxSize works for excessively big messages.
This commit is contained in:
Oswald Buddenhagen 2021-11-24 17:22:04 +01:00
parent 463272eab8
commit ba13362a52

View File

@ -1168,7 +1168,8 @@ maildir_scan( maildir_store_t *ctx, msg_t_array_alloc_t *msglist )
}
goto retry;
}
entry->size = (uint)st.st_size;
// The clipped value is good enough for MaxSize comparisons.
entry->size = st.st_size > UINT_MAX ? UINT_MAX : (uint)st.st_size;
}
if (want_tuid || want_msgid) {
if (!(f = fopen( buf, "r" ))) {
@ -1563,12 +1564,17 @@ maildir_fetch_msg( store_t *gctx, message_t *gmsg, msg_data_t *data, int minimal
}
}
fstat( fd, &st );
if (st.st_size > INT_MAX) {
error( "Maildir error: %s is too big", buf );
goto mbad;
}
data->len = st.st_size;
if (data->date == -1)
data->date = st.st_mtime;
data->data = nfmalloc( data->len );
if (read( fd, data->data, data->len ) != data->len) {
sys_error( "Maildir error: cannot read %s", buf );
mbad:
close( fd );
cb( DRV_MSG_BAD, aux );
return;