Fix imap status count range check.

The strtoul() call for parsing the STATUS count wasn't checking the
range properly, because it was assigning to an unsigned int.

Change to assign to a unsigned long, and also add the conversion check
from mutt_atoui().

Thanks to Charles (@chdiza) for quickly noticing the problem!

diff --git a/imap/command.c b/imap/command.c
index c607fcad225d01e54fda9b513b19430c13631bcd..46f07bb0269810e3a055fd3645ed0b4efa178689 100644 (file)
--- a/imap/command.c
+++ b/imap/command.c
@@ -933,6 +933,7 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
   char* value;
   BUFFY* inc;
   IMAP_MBOX mx;
+  unsigned long ulcount;
   unsigned int count;
   IMAP_STATUS *status;
   unsigned int olduv, oldun;
@@ -977,12 +978,14 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
     value = imap_next_word (s);
 
     errno = 0;
-    count = strtoul (value, &value, 10);
-    if (errno == ERANGE && count == ULONG_MAX)
+    ulcount = strtoul (value, &value, 10);
+    if ((errno == ERANGE && ulcount == ULONG_MAX) ||
+        ((unsigned int) ulcount != ulcount))
     {
       dprint (1, (debugfile, "Error parsing STATUS number\n"));
       return;
     }
+    count = (unsigned int) ulcount;
 
     if (!ascii_strncmp ("MESSAGES", s, 8))
     {