|
Lines 38-44
Link Here
|
| 38 |
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
38 |
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 39 |
*/ |
39 |
*/ |
| 40 |
|
40 |
|
| 41 |
/* $Id: imapd.c,v 1.485 2004/09/16 17:58:53 ken3 Exp $ */ |
41 |
/* $Id: imapd.c,v 1.488 2004/11/17 22:29:03 shadow Exp $ */ |
| 42 |
|
42 |
|
| 43 |
#include <config.h> |
43 |
#include <config.h> |
| 44 |
|
44 |
|
|
Lines 287-292
Link Here
|
| 287 |
|
287 |
|
| 288 |
if (config_getswitch(IMAPOPT_IMAPMAGICPLUS)) { |
288 |
if (config_getswitch(IMAPOPT_IMAPMAGICPLUS)) { |
| 289 |
/* make a working copy of the auth[z]id */ |
289 |
/* make a working copy of the auth[z]id */ |
|
|
290 |
if (ulen > MAX_MAILBOX_NAME) { |
| 291 |
sasl_seterror(conn, 0, "buffer overflow while canonicalizing"); |
| 292 |
return SASL_BUFOVER; |
| 293 |
} |
| 290 |
memcpy(userbuf, user, ulen); |
294 |
memcpy(userbuf, user, ulen); |
| 291 |
userbuf[ulen] = '\0'; |
295 |
userbuf[ulen] = '\0'; |
| 292 |
user = userbuf; |
296 |
user = userbuf; |
|
Lines 345-350
Link Here
|
| 345 |
|
349 |
|
| 346 |
/* make a working copy of the authzid */ |
350 |
/* make a working copy of the authzid */ |
| 347 |
if (!rlen) rlen = strlen(requested_user); |
351 |
if (!rlen) rlen = strlen(requested_user); |
|
|
352 |
if (rlen > MAX_MAILBOX_NAME) { |
| 353 |
sasl_seterror(conn, 0, "buffer overflow while proxying"); |
| 354 |
return SASL_BUFOVER; |
| 355 |
} |
| 348 |
memcpy(userbuf, requested_user, rlen); |
356 |
memcpy(userbuf, requested_user, rlen); |
| 349 |
userbuf[rlen] = '\0'; |
357 |
userbuf[rlen] = '\0'; |
| 350 |
requested_user = userbuf; |
358 |
requested_user = userbuf; |
|
Lines 2347-2357
Link Here
|
| 2347 |
while (!r && c == ' ') { |
2355 |
while (!r && c == ' ') { |
| 2348 |
/* Grow the stage array, if necessary */ |
2356 |
/* Grow the stage array, if necessary */ |
| 2349 |
if (numstage == numalloc) { |
2357 |
if (numstage == numalloc) { |
|
|
2358 |
/* Avoid integer wrap as arg to xrealloc */ |
| 2359 |
if (numalloc > INT_MAX/(2*sizeof(struct appendstage *))) |
| 2360 |
goto done; |
| 2350 |
numalloc *= 2; |
2361 |
numalloc *= 2; |
| 2351 |
stage = xrealloc(stage, numalloc * sizeof(struct appendstage *)); |
2362 |
stage = xrealloc(stage, numalloc * sizeof(struct appendstage *)); |
| 2352 |
} |
2363 |
} |
| 2353 |
curstage = stage[numstage++] = xzmalloc(sizeof(struct appendstage)); |
2364 |
curstage = stage[numstage] = xzmalloc(sizeof(struct appendstage)); |
| 2354 |
|
2365 |
numstage++; |
| 2355 |
/* Parse flags */ |
2366 |
/* Parse flags */ |
| 2356 |
c = getword(imapd_in, &arg); |
2367 |
c = getword(imapd_in, &arg); |
| 2357 |
if (c == '(' && !arg.s[0]) { |
2368 |
if (c == '(' && !arg.s[0]) { |
|
Lines 2370-2376
Link Here
|
| 2370 |
(char **) xrealloc((char *) curstage->flag, |
2381 |
(char **) xrealloc((char *) curstage->flag, |
| 2371 |
curstage->flagalloc * sizeof(char *)); |
2382 |
curstage->flagalloc * sizeof(char *)); |
| 2372 |
} |
2383 |
} |
| 2373 |
curstage->flag[curstage->nflags++] = xstrdup(arg.s); |
2384 |
curstage->flag[curstage->nflags] = xstrdup(arg.s); |
|
|
2385 |
curstage->nflags++; |
| 2374 |
} while (c == ' '); |
2386 |
} while (c == ' '); |
| 2375 |
if (c != ')') { |
2387 |
if (c != ')') { |
| 2376 |
parseerr = |
2388 |
parseerr = |
|
Lines 2764-2773
Link Here
|
| 2764 |
int binsize = 0; |
2776 |
int binsize = 0; |
| 2765 |
|
2777 |
|
| 2766 |
p = section = fetchatt.s + 7; |
2778 |
p = section = fetchatt.s + 7; |
| 2767 |
if (*p == 'P') { |
2779 |
if (!strncmp(p, "PEEK[", 5)) { |
| 2768 |
p = section += 5; |
2780 |
p = section += 5; |
| 2769 |
} |
2781 |
} |
| 2770 |
else if (*p == 'S') { |
2782 |
else if (!strncmp(p, "SIZE[", 5)) { |
| 2771 |
p = section += 5; |
2783 |
p = section += 5; |
| 2772 |
binsize = 1; |
2784 |
binsize = 1; |
| 2773 |
} |
2785 |
} |
|
Lines 2807-2813
Link Here
|
| 2807 |
else if (!strncmp(fetchatt.s, "BODY[", 5) || |
2819 |
else if (!strncmp(fetchatt.s, "BODY[", 5) || |
| 2808 |
!strncmp(fetchatt.s, "BODY.PEEK[", 10)) { |
2820 |
!strncmp(fetchatt.s, "BODY.PEEK[", 10)) { |
| 2809 |
p = section = fetchatt.s + 5; |
2821 |
p = section = fetchatt.s + 5; |
| 2810 |
if (*p == 'P') { |
2822 |
if (!strncmp(p, "PEEK[", 5)) { |
| 2811 |
p = section += 5; |
2823 |
p = section += 5; |
| 2812 |
} |
2824 |
} |
| 2813 |
else { |
2825 |
else { |
|
Lines 3148-3154
Link Here
|
| 3148 |
else if (!strncmp(data, "body[", 5) || |
3160 |
else if (!strncmp(data, "body[", 5) || |
| 3149 |
!strncmp(data, "body.peek[", 10)) { |
3161 |
!strncmp(data, "body.peek[", 10)) { |
| 3150 |
p = section = data + 5; |
3162 |
p = section = data + 5; |
| 3151 |
if (*p == 'p') { |
3163 |
if (!strncmp(p, "peek[", 5)) { |
| 3152 |
p = section += 5; |
3164 |
p = section += 5; |
| 3153 |
} |
3165 |
} |
| 3154 |
else { |
3166 |
else { |
|
Lines 3308-3314
Link Here
|
| 3308 |
flag = (char **)xrealloc((char *)flag, |
3320 |
flag = (char **)xrealloc((char *)flag, |
| 3309 |
flagalloc*sizeof(char *)); |
3321 |
flagalloc*sizeof(char *)); |
| 3310 |
} |
3322 |
} |
| 3311 |
flag[nflags++] = xstrdup(flagname.s); |
3323 |
flag[nflags] = xstrdup(flagname.s); |
|
|
3324 |
nflags++; |
| 3312 |
} |
3325 |
} |
| 3313 |
|
3326 |
|
| 3314 |
flagsparsed++; |
3327 |
flagsparsed++; |