diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2016-08-11 21:14:43 -0600 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2016-08-11 21:14:43 -0600 |
| commit | aa5a0714e2ae3c401ac9e6901dde87ad70568d8c (patch) | |
| tree | 77499e2bf845fe982004d88fb42a71ed8a15ccd7 /pith/mailcmd.c | |
| parent | 3d3df2b3153af567b6b17c05052ab21e9b2e9a00 (diff) | |
| download | alpine-aa5a0714e2ae3c401ac9e6901dde87ad70568d8c.tar.xz | |
* Protect all calls to mail_elt in pith/ and alpine/ code. Protect means
to check for correct range of message number before calling mail_elt.
* Work in progress: correct some uses of system calls that do not check
for returned value. This work will follow the lead given by Christian
Kujau and Asheesh Laroia. Expect more changes of this type in
subsequent commits.
Diffstat (limited to 'pith/mailcmd.c')
| -rw-r--r-- | pith/mailcmd.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/pith/mailcmd.c b/pith/mailcmd.c index 903d43c8..69a491e7 100644 --- a/pith/mailcmd.c +++ b/pith/mailcmd.c @@ -2595,15 +2595,18 @@ search_for_our_regex_addresses(MAILSTREAM *stream, char type, int not, } if(addr1 && address_is_us(addr1, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } else if(addr2 && address_is_us(addr2, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } else if(addr3 && address_is_us(addr3, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } } |