1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
SECURITY; GNOME #447414; FEDORA-2007-0464; Debian #429876; fixes potential
negative array index usage in IMAP code (remote).
2007-06-14 Philip Van Hoof <pvanhoof@gnome.org>
* camel-imap-folder.c: Security bugfix. The sequence can be a negative
value while it is being used as the index of an array (#447414)
diff -Nur evolution-data-server-1.6.3/camel/providers/imap/camel-imap-folder.c evolution-data-server-1.6.3.new/camel/providers/imap/camel-imap-folder.c
--- evolution-data-server-1.6.3/camel/providers/imap/camel-imap-folder.c 2006-06-22 06:44:50.000000000 +0200
+++ evolution-data-server-1.6.3.new/camel/providers/imap/camel-imap-folder.c 2007-06-21 13:44:13.000000000 +0200
@@ -647,7 +647,7 @@
uid = g_datalist_get_data (&data, "UID");
flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS"));
- if (!uid || !seq || seq > summary_len) {
+ if (!uid || !seq || seq > summary_len || seq < 0) {
g_datalist_clear (&data);
continue;
}
@@ -2748,7 +2748,7 @@
if (*response != '*' || *(response + 1) != ' ')
return NULL;
- seq = strtol (response + 2, &response, 10);
+ seq = strtoul (response + 2, &response, 10);
if (seq == 0)
return NULL;
if (g_ascii_strncasecmp (response, " FETCH (", 8) != 0)
|
