Fix a buffer overflow in utf8_to_utf7.

author Edmund GRIMLEY EVANS <edmundo@rano.org>

Wed, 19 Mar 2003 21:31:59 +0000 (21:31 +0000)

committer Edmund GRIMLEY EVANS <edmundo@rano.org>

Wed, 19 Mar 2003 21:31:59 +0000 (21:31 +0000)
author Edmund GRIMLEY EVANS <edmundo@rano.org>
Wed, 19 Mar 2003 21:31:59 +0000 (21:31 +0000)
committer Edmund GRIMLEY EVANS <edmundo@rano.org>
Wed, 19 Mar 2003 21:31:59 +0000 (21:31 +0000)
diff --git a/imap/utf7.c b/imap/utf7.c

index 14211a07be9c2553cb0c40d91401f684ffc5cf20..f792cd48027097752e4d942f67418f7b8f4b8c21 100644 (file)
--- a/imap/utf7.c
+++ b/imap/utf7.c
@@ -149,7 +149,11 @@ static char *utf8_to_utf7 (const char *u8, size_t u8len, char **u7,
    int n, i, b = 0, k = 0;
    int base64 = 0;
  
-  p = buf = safe_malloc (u8len * 2 + 1);
+  /*
+   * In the worst case we convert 2 chars to 7 chars. For example:
+   * "\x10&\x10&..." -> "&ABA-&-&ABA-&-...".
+   */
+  p = buf = safe_malloc ((u8len / 2) * 7 + 6);
  
    while (u8len)
    {
author	Edmund GRIMLEY EVANS <edmundo@rano.org>
	Wed, 19 Mar 2003 21:31:59 +0000 (21:31 +0000)
committer	Edmund GRIMLEY EVANS <edmundo@rano.org>
	Wed, 19 Mar 2003 21:31:59 +0000 (21:31 +0000)