Skip to content

Commit 1b0f0d0

Browse files
jeriko-oneflatcap
authored andcommitted
Don't overflow stack buffer in msg_parse_fetch
1 parent 57971db commit 1b0f0d0

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

Diff for: imap/message.c

+2-2
Original file line numberDiff line numberDiff line change
@@ -330,7 +330,7 @@ static int msg_parse_fetch(struct ImapHeader *h, char *s)
330330
}
331331
s++;
332332
ptmp = tmp;
333-
while (*s && *s != '\"')
333+
while (*s && (*s != '\"') && (ptmp != (tmp + sizeof(tmp) - 1)))
334334
*ptmp++ = *s++;
335335
if (*s != '\"')
336336
return -1;
@@ -343,7 +343,7 @@ static int msg_parse_fetch(struct ImapHeader *h, char *s)
343343
s += 11;
344344
SKIPWS(s);
345345
ptmp = tmp;
346-
while (isdigit((unsigned char) *s))
346+
while (isdigit((unsigned char) *s) && (ptmp != (tmp + sizeof(tmp) - 1)))
347347
*ptmp++ = *s++;
348348
*ptmp = '\0';
349349
if (mutt_str_atol(tmp, &h->content_length) < 0)

0 commit comments

Comments
 (0)