Security fix.

svn path=/trunk/; revision=3441
author: Eric S. Raymond <esr@thyrsus.com> 2001-08-04 23:04:42 +0000
committer: Eric S. Raymond <esr@thyrsus.com> 2001-08-04 23:04:42 +0000
commit: 2e51880af8478356deac985863f6f13952987224 (patch)
tree: 0d3755c9b5e082ec64f85471feba0c3569c6e684 /pop3.c
parent: 9bb8e8533b64422abd0b766398b3fcfea2a6a173 (diff)
download: fetchmail-2e51880af8478356deac985863f6f13952987224.tar.gz
fetchmail-2e51880af8478356deac985863f6f13952987224.tar.bz2
fetchmail-2e51880af8478356deac985863f6f13952987224.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/pop3.c b/pop3.c
index f6e5ddef..f0d685c4 100644
--- a/pop3.c
+++ b/pop3.c
@@ -572,12 +572,16 @@ static int pop3_getsizes(int sock, int count, int *sizes)
 
 	while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
 	{
-	    int num, size;
+	    unsigned int num, size;
 
 	    if (DOTLINE(buf))
 		break;
-	    else if (sscanf(buf, "%d %d", &num, &size) == 2)
-		sizes[num - 1] = size;
+	    else if (sscanf(buf, "%u %u", &num, &size) == 2) {
+		if (num > 0 && num <= count)
+		    sizes[num - 1] = size;
+		/* else, strict: protocol error, flexible: nothing
+		 * I vote for flexible. */
+	    }
 	}
 
 	return(ok);
author	Eric S. Raymond <esr@thyrsus.com>	2001-08-04 23:04:42 +0000
committer	Eric S. Raymond <esr@thyrsus.com>	2001-08-04 23:04:42 +0000
commit	2e51880af8478356deac985863f6f13952987224 (patch)
tree	0d3755c9b5e082ec64f85471feba0c3569c6e684 /pop3.c
parent	9bb8e8533b64422abd0b766398b3fcfea2a6a173 (diff)
download	fetchmail-2e51880af8478356deac985863f6f13952987224.tar.gz fetchmail-2e51880af8478356deac985863f6f13952987224.tar.bz2 fetchmail-2e51880af8478356deac985863f6f13952987224.zip