28 lines
987 B
Diff
28 lines
987 B
Diff
2007-06-14 Philip Van Hoof <pvanhoof@gnome.org>
|
|
|
|
* camel-imap-folder.c: Security bugfix. The sequence can be a negative
|
|
value while it is being used as the index of an array (#447414)
|
|
|
|
Index: providers/imap/camel-imap-folder.c
|
|
===================================================================
|
|
--- camel/providers/imap/camel-imap-folder.c (revision 7815)
|
|
+++ camel/providers/imap/camel-imap-folder.c (working copy)
|
|
@@ -656,7 +656,7 @@
|
|
uid = g_datalist_get_data (&data, "UID");
|
|
flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS"));
|
|
|
|
- if (!uid || !seq || seq > summary_len) {
|
|
+ if (!uid || !seq || seq > summary_len || seq < 0) {
|
|
g_datalist_clear (&data);
|
|
continue;
|
|
}
|
|
@@ -2790,7 +2790,7 @@
|
|
|
|
if (*response != '*' || *(response + 1) != ' ')
|
|
return NULL;
|
|
- seq = strtol (response + 2, &response, 10);
|
|
+ seq = strtoul (response + 2, &response, 10);
|
|
if (seq == 0)
|
|
return NULL;
|
|
if (g_ascii_strncasecmp (response, " FETCH (", 8) != 0)
|