Fix imap status count range check.

The strtoul() call for parsing the STATUS count wasn't checking the
range properly, because it was assigning to an unsigned int.

Change to assign to a unsigned long, and also add the conversion check
from mutt_atoui().

Thanks to Charles (@chdiza) for quickly noticing the problem!

diff --git a/imap/command.c b/imap/command.c
index c13bf8416f088a0959ec73074e4039c3fc791123..df9d9ac9464d325e728de68692977dfdb1b76973 100644 (file)
--- a/imap/command.c
+++ b/imap/command.c
@@ -635,6 +635,7 @@ static void cmd_parse_status(struct ImapData *idata, char *s)
   char *value = NULL;
   struct Buffy *inc = NULL;
   struct ImapMbox mx;
+  unsigned long ulcount;
   unsigned int count;
   struct ImapStatus *status = NULL;
   unsigned int olduv, oldun;
@@ -679,12 +680,13 @@ static void cmd_parse_status(struct ImapData *idata, char *s)
     value = imap_next_word(s);
 
     errno = 0;
-    count = strtoul(value, &value, 10);
-    if (errno == ERANGE && count == ULONG_MAX)
+    ulcount = strtoul(value, &value, 10);
+    if (((errno == ERANGE) && (ulcount == ULONG_MAX)) || ((unsigned int) ulcount != ulcount))
     {
       mutt_debug(1, "Error parsing STATUS number\n");
       return;
     }
+    count = (unsigned int) ulcount;
 
     if (mutt_str_strncmp("MESSAGES", s, 8) == 0)
     {