[dovecot/f12/master] - imap: Don't crash with QRESYNC SELECT specifying sequences larger than mailbox's message count (

Michal Hlavinka mhlavink at fedoraproject.org
Fri Aug 20 07:45:27 UTC 2010 

commit 35c1fe9eac932170e0ade747748bd9cfaf0c9d50
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Fri Aug 20 08:51:40 2010 +0200

    - imap: Don't crash with QRESYNC SELECT specifying sequences larger
      than mailbox's message count (#625207)

 dovecot-1.2-qresync.patch |   31 +++++++++++++++++++++++++++++++
 dovecot.spec              |   10 +++++++++-
 2 files changed, 40 insertions(+), 1 deletions(-)
---
diff --git a/dovecot-1.2-qresync.patch b/dovecot-1.2-qresync.patch
new file mode 100644
index 0000000..af5bb86
--- /dev/null
+++ b/dovecot-1.2-qresync.patch
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Timo Sirainen <tss at iki.fi>
+# Date 1282239369 -3600
+# Node ID 70fa6178380e508e8587a2e4633b2060378cae85
+# Parent  ccc71865dea0668a77d40b8d494e42b089a61942
+imap: Don't crash with QRESYNC SELECT specifying sequences larger than mailbox's message count.
+
+--- a/src/imap/imap-fetch.c	Wed Aug 18 15:17:40 2010 +0100
++++ b/src/imap/imap-fetch.c	Thu Aug 19 18:36:09 2010 +0100
+@@ -165,6 +165,7 @@
+ expunges_drop_known(struct imap_fetch_context *ctx, struct mail *mail,
+ 		    ARRAY_TYPE(seq_range) *expunged_uids)
+ {
++	struct mailbox_status status;
+ 	const uint32_t *seqs, *uids;
+ 	unsigned int i, count;
+ 
+@@ -173,8 +174,10 @@
+ 	i_assert(array_count(ctx->qresync_sample_uidset) == count);
+ 	i_assert(count > 0);
+ 
++	mailbox_get_status(ctx->box, STATUS_MESSAGES, &status);
++
+ 	/* FIXME: we could do removals from the middle as well */
+-	for (i = 0; i < count; i++) {
++	for (i = 0; i < count && seqs[i] <= status.messages; i++) {
+ 		mail_set_seq(mail, seqs[i]);
+ 		if (uids[i] != mail->uid)
+ 			break;
+
+
diff --git a/dovecot.spec b/dovecot.spec
index ace81a0..d573fc2 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -2,7 +2,7 @@ Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
 Version: 1.2.13
-Release: 1%{?dist}
+Release: 2%{?dist}
 #dovecot itself is MIT, a few sources are PD, (manage)sieve is LGPLv2, perfect_maildir.pl is GPLv2+
 License: MIT and LGPLv2 and GPLv2+
 Group: System Environment/Daemons
@@ -38,6 +38,9 @@ Patch1: dovecot-1.1-default-settings.patch
 Patch2: dovecot-1.0.beta2-mkcert-permissions.patch
 Patch3: dovecot-1.0.rc7-mkcert-paths.patch
 
+#from upstream, rhbz#625207, dovecot<=1.2.13
+Patch4: dovecot-1.2-qresync.patch
+
 Obsoletes: dovecot-sqlite < 1:1.2.10-3
 Obsoletes: dovecot-ldap   < 1:1.2.10-3
 Obsoletes: dovecot-gssapi < 1:1.2.10-3
@@ -119,6 +122,7 @@ zcat %{SOURCE11} | patch -p1 --fuzz=0 -s
 %patch1 -p1 -b .default-settings
 %patch2 -p1 -b .mkcert-permissions
 %patch3 -p1 -b .mkcert-paths
+%patch4 -p1 -b .qresync
 
 %build
 rm -f ./"configure"
@@ -363,6 +367,10 @@ fi
 
 
 %changelog
+* Fri Aug 20 2010 Michal Hlavinka <mhlavink at redhat.com> - 1:1.2.13-2
+- imap: Don't crash with QRESYNC SELECT specifying sequences larger 
+  than mailbox's message count (#625207)
+
 * Tue Jul 27 2010 Michal Hlavinka <mhlavink at redhat.com> - 1:1.2.13-1
 - updated to dovecot 1.2.13
 - Fixed iconv() crash when it was processing several kilobytes of

More information about the scm-commits mailing list