Security fix.

svn path=/trunk/; revision=3441
author: Eric S. Raymond <esr@thyrsus.com> 2001-08-04 23:04:42 +0000
committer: Eric S. Raymond <esr@thyrsus.com> 2001-08-04 23:04:42 +0000
commit: 2e51880af8478356deac985863f6f13952987224 (patch)
tree: 0d3755c9b5e082ec64f85471feba0c3569c6e684 /imap.c
parent: 9bb8e8533b64422abd0b766398b3fcfea2a6a173 (diff)
download: fetchmail-2e51880af8478356deac985863f6f13952987224.tar.gz
fetchmail-2e51880af8478356deac985863f6f13952987224.tar.bz2
fetchmail-2e51880af8478356deac985863f6f13952987224.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/imap.c b/imap.c
index 96ca7ee3..0874e551 100644
--- a/imap.c
+++ b/imap.c
@@ -620,14 +620,19 @@ static int imap_getsizes(int sock, int count, int *sizes)
 	gen_send(sock, "FETCH 1:%d RFC822.SIZE", count);
     for (;;)
     {
-	int num, size, ok;
+	unsigned int num, size;
+	int ok;
 
 	if ((ok = gen_recv(sock, buf, sizeof(buf))))
 	    return(ok);
 	else if (strstr(buf, "OK") || strstr(buf, "NO"))
 	    break;
-	else if (sscanf(buf, "* %d FETCH (RFC822.SIZE %d)", &num, &size) == 2)
-	    sizes[num - 1] = size;
+	else if (sscanf(buf, "* %u FETCH (RFC822.SIZE %u)", &num, &size) == 2) {
+	    if (num > 0 && num <= count)
+	        sizes[num - 1] = size;
+	    /* else, strict: protocol error, flexible: nothing
+	     * I vote for flexible. */
+	}
     }
 
     return(PS_SUCCESS);
author	Eric S. Raymond <esr@thyrsus.com>	2001-08-04 23:04:42 +0000
committer	Eric S. Raymond <esr@thyrsus.com>	2001-08-04 23:04:42 +0000
commit	2e51880af8478356deac985863f6f13952987224 (patch)
tree	0d3755c9b5e082ec64f85471feba0c3569c6e684 /imap.c
parent	9bb8e8533b64422abd0b766398b3fcfea2a6a173 (diff)
download	fetchmail-2e51880af8478356deac985863f6f13952987224.tar.gz fetchmail-2e51880af8478356deac985863f6f13952987224.tar.bz2 fetchmail-2e51880af8478356deac985863f6f13952987224.zip