From: Richard Russon <rich@flatcap.org>
Date: Thu, 9 May 2019 15:17:10 +0000 (+0100)
Subject: check value of 'Content-Length' more carefully
X-Git-Tag: 2019-10-25~216^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=02c7fbdecd51e3c82b78b0be442fa9a9edf02d27;p=neomutt

check value of 'Content-Length' more carefully

Replace `atol()` with `mutt_str_atol()` which has error checking.
Cap the maximum size to 1GiB.  If we exceed this your email to TOO BIG!
---

diff --git a/email/parse.c b/email/parse.c
index 4b1b8f187..86e542625 100644
--- a/email/parse.c
+++ b/email/parse.c
@@ -48,6 +48,10 @@
 #include "rfc2231.h"
 #include "url.h"
 
+/* If the 'Content-Length' is bigger than 1GiB, then it's clearly wrong.
+ * Cap the value to prevent overflow of Body.length */
+#define CONTENT_TOO_BIG (1 << 30)
+
 /**
  * mutt_auto_subscribe - Check if user is subscribed to mailing list
  * @param mailto URI of mailing list subscribe
@@ -593,9 +597,11 @@ int mutt_rfc822_parse_line(struct Envelope *env, struct Email *e, char *line,
           {
             if (e)
             {
-              e->content->length = atol(p);
-              if (e->content->length < 0)
+              int rc = mutt_str_atol(p, &e->content->length);
+              if ((rc < 0) || (e->content->length < 0))
                 e->content->length = -1;
+              if (e->content->length > CONTENT_TOO_BIG)
+                e->content->length = CONTENT_TOO_BIG;
             }
             matched = true;
           }