From 6b44fc75c0039d1006ce4d543544552449b8e229 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Thu, 5 Jan 2017 10:50:55 +0200 Subject: [PATCH] lib-storage: Prevent recursion in header parsing If header parsing error occurs and error handling tries to get fields, such as Message-ID, it will cause crash. This fixes problem by preventing reading from non-cached headers while they are being parsed. Fixes lmtp: Panic: file ../../../src/lib/array.h: line 219 (array_idx_i): assertion failed: (idx * array->element_size < array->buffer->used) --- src/lib-storage/index/index-mail-headers.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/lib-storage/index/index-mail-headers.c b/src/lib-storage/index/index-mail-headers.c index ae5cad6730..27ea3148bf 100644 --- a/src/lib-storage/index/index-mail-headers.c +++ b/src/lib-storage/index/index-mail-headers.c @@ -634,7 +634,14 @@ index_mail_get_raw_headers(struct index_mail *mail, const char *field, _mail->seq, &field_idx, 1) <= 0) { /* not in cache / error - first see if it's already parsed */ p_free(mail->mail.data_pool, dest); - + if (mail->data.header_parser_initialized) { + /* don't try to parse headers recursively. we're here + because message size was wrong and istream-mail + wants to log some cached headers. */ + i_assert(mail->lookup_abort == MAIL_LOOKUP_ABORT_NOT_IN_CACHE); + mail_set_aborted(mail); + return -1; + } if (mail->header_seq != mail->data.seq || index_mail_header_is_parsed(mail, field_idx) < 0) { /* parse */