From: Kevin McCarthy <kevin@8t8.us>
Date: Fri, 13 Jul 2018 19:35:50 +0000 (-0700)
Subject: Verify IMAP status mailbox literal count size.
X-Git-Tag: mutt-1-10-1-rel~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e57a8602b45f58edf7b3ffb61bb17525d75dfcb1;p=mutt

Verify IMAP status mailbox literal count size.

Ensure the length isn't bigger than the idata->buf.

Thanks to Jeriko One fo the bug report and patch, which this commit is
based upon.
---

diff --git a/imap/command.c b/imap/command.c
index bb267f62..6abd759d 100644
--- a/imap/command.c
+++ b/imap/command.c
@@ -969,6 +969,13 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
       idata->status = IMAP_FATAL;
       return;
     }
+
+    if (strlen(idata->buf) < litlen)
+    {
+      dprint (1, (debugfile, "Error parsing STATUS mailbox\n"));
+      return;
+    }
+
     mailbox = idata->buf;
     s = mailbox + litlen;
     *s = '\0';