Menu
▾
▴
[Re-alpine-bugs] Alpine crashes talking to non-compliant IMAP server
|
From: Mark C. <mrc...@pa...> - 2009-06-09 16:15:32
|
Here's my present for the project. I already fixed this in Panda IMAP.
Rather than submit a patch, I'll tell you what the problem is and let you
figure it out. It shouldn't be difficult. If you like, I'll review your
patch after you do it and tell you if it's right.
The problems are in imap/src/c-client/imap4r1.c and are caused by
references to null pointers.
[1] The code block starting at line 3722:
else if ((!strcmp (s,"FETCH") || !strcmp (s,"STORE")) &&
msgno && (msgno <= stream->nmsgs)) {
assumes that t has a pointer to the response values. However, t can be
null at this point.
Just include a condition for t being non-null in this if test.
[2] The code at line 3733:
while (prop = (strtok_r (t," )",&r))) {
t = strtok_r (NIL,"\n",&r);
parses a property into prop, and the start of the property value into t.
If the string terminated with the property, then the property value is
null, and the subsequent code does not expect it.
You need to test for t being set null here. If it is null, output an
error message such as "Missing data for property", set stream->unhealthy,
and do not continue parsing this property value. There are numerous
example of how to output an error message in that routine. The important
thing is that you do NOT run the code starting at the INIT_GETS() at line
3735, and instead resume at the end of that code block at line 3881
(comment "note envelope if we got one").
You can do this with an if test and a continue. Somewhat more elegant is
to move the t assignment within the while, and have the error message come
out after the while under an "if (prop)" test (since the condition will
happen only if prop is non-null and t is null).
Well, I kind of told you the patches after all. Good luck!
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
|
