projects / claws.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f6c690e)
Fix crash in mailimf_group_parse() in mailmbox plugin.
authorAndrej Kacian <ticho@claws-mail.org>
Sun, 7 May 2017 23:09:53 +0000 (01:09 +0200)
committerAndrej Kacian <ticho@claws-mail.org>
Sun, 7 May 2017 23:12:57 +0000 (01:12 +0200)
Fix based on upstream fix:
https://github.com/dinhviethoa/libetpan/commit/1fe8fb

Fixes our bug #3821:
Potential security issue with libetpan code in mailmbox plugin

src/plugins/mailmbox/mailimf.c patch | blob | history

diff --git a/src/plugins/mailmbox/mailimf.c b/src/plugins/mailmbox/mailimf.c
index f825b863ed0e76af04fe44cea6177655ea2c413d..d664050bb255f40a466e5b91ce905b32d1e1140d 100644 (file)
--- a/src/plugins/mailmbox/mailimf.c
+++ b/src/plugins/mailmbox/mailimf.c
@@ -2984,6 +2984,7 @@ static int mailimf_group_parse(const char * message, size_t length,
   struct mailimf_group * group;
   int r;
   int res;
+  clist * list;
 
   cur_token = * index;
 
@@ -3011,6 +3012,17 @@ static int mailimf_group_parse(const char * message, size_t length,
       res = r;
       goto free_display_name;
     }
+    list = clist_new();
+    if (list == NULL) {
+      res = MAILIMF_ERROR_MEMORY;
+      goto free_display_name;
+    }
+    mailbox_list = mailimf_mailbox_list_new(list);
+    if (mailbox_list == NULL) {
+      res = MAILIMF_ERROR_MEMORY;
+      clist_free(list);
+      goto free_display_name;
+    }
     break;
   default:
     res = r;
Claws Mail