Blame SOURCES/dovecot-2.2.36-cve2019_11500_part2of4.patch

From a56b0636b1bf9c7677c6fca9681f48752af700a1 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 17 May 2019 10:33:53 +0300
Subject: [PATCH 2/2] lib-imap: Make sure str_unescape() won't be writing past
 allocated memory
The previous commit should already prevent this, but this makes sure it
can't become broken in the future either. It makes the performance a tiny
bit worse, but that's not practically noticeable.
---
 src/lib-imap/imap-parser.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/lib-imap/imap-parser.c b/src/lib-imap/imap-parser.c
index f41668d7a..7f58d99e2 100644
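--- a/src/lib-imap/imap-parser.c
+++ b/src/lib-imap/imap-parser.c
@@ -267,10 +267,8 @@ static void imap_parser_save_arg(struct imap_parser *parser,
 
 		/* remove the escapes */
 		if (parser->str_first_escape >= 0 &&
-		    (parser->flags & IMAP_PARSE_FLAG_NO_UNESCAPE) == 0) {
-			/* -1 because we skipped the '"' prefix */
-			(void)str_unescape(str + parser->str_first_escape-1);
-		}
+		    (parser->flags & IMAP_PARSE_FLAG_NO_UNESCAPE) == 0)
+			(void)str_unescape(str);
 		arg->_data.str = str;
 		arg->str_len = strlen(str);
 		break;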
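Review bot: The new `(void)str_unescape(str);` call carries no comment saying why it deliberately ignores the offset in `parser->str_first_escape`, which the condition just above still tests but now only as an "escapes were seen" flag. Without that rationale in the code, a later cleanup could reintroduce `str + parser->str_first_escape-1` as an optimisation and bring back the dependency on the offset being correct, which the commit message says this change is meant to remove. I would extend the existing comment to something like `/* remove the escapes. always start from the beginning of str: a wrong str_first_escape must never be able to move str_unescape() outside the allocated string */`. The body of imap_parser_save_arg() starts and ends outside this hunk, so whether other users of `str_first_escape` need the same treatment cannot be judged from here.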
-- 
2.11.0