check value of 'Content-Length' more carefully
authorRichard Russon <rich@flatcap.org>
Thu, 9 May 2019 15:17:10 +0000 (16:17 +0100)
committerRichard Russon <rich@flatcap.org>
Thu, 9 May 2019 15:50:22 +0000 (16:50 +0100)
Replace `atol()` with `mutt_str_atol()` which has error checking.
Cap the maximum size to 1GiB.  If we exceed this, your email is TOO BIG!

email/parse.c

index 4b1b8f1871500d066fc0306cdc842393adbcb1cb..86e54262551069b4ebf5d995429b4706936d9f61 100644 (file)
 #include "rfc2231.h"
 #include "url.h"
 
+/* If the 'Content-Length' is bigger than 1GiB, then it's clearly wrong.
+ * Cap the value to prevent overflow of Body.length */
+#define CONTENT_TOO_BIG (1 << 30)
+
 /**
  * mutt_auto_subscribe - Check if user is subscribed to mailing list
  * @param mailto URI of mailing list subscribe
@@ -593,9 +597,11 @@ int mutt_rfc822_parse_line(struct Envelope *env, struct Email *e, char *line,
           {
             if (e)
             {
-              e->content->length = atol(p);
-              if (e->content->length < 0)
+              int rc = mutt_str_atol(p, &e->content->length);
+              if ((rc < 0) || (e->content->length < 0))
                 e->content->length = -1;
+              if (e->content->length > CONTENT_TOO_BIG)
+                e->content->length = CONTENT_TOO_BIG;
             }
             matched = true;
           }
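Review bot: A Content-Length above CONTENT_TOO_BIG is clamped to 1GiB by the added `if (e->content->length > CONTENT_TOO_BIG)` branch, while every other invalid value becomes -1; the comment on the new define calls such a value "clearly wrong", so keeping a made-up 1GiB length for a sender-controlled header looks inconsistent. Unless a caller outside this hunk relies on the capped number, I would fold it into the existing check: `if ((rc < 0) || (e->content->length < 0) || (e->content->length > CONTENT_TOO_BIG))`. Separately, `mutt_str_atol()` is handed `&e->content->length` directly; the field's declaration is not visible here, but if it is not a plain `long`, parsing into a local `long` and assigning after the range checks would avoid writing through a mismatched pointer. The body of mutt_rfc822_parse_line continues outside the hunk.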