From 22edfd2b3b20ecf39dfa111cfee22a0f1f24c7ac Mon Sep 17 00:00:00 2001
From: Chuck Hagenbuch <chagenbu@php.net>
Date: Sat, 9 Sep 2000 20:26:15 +0000
Subject: [PATCH] check the range of message numbers in imap_uid.

---
 ext/imap/php_imap.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index a808e23a07..7afd024164 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -2675,7 +2675,7 @@ PHP_FUNCTION(imap_fetchheader)
 PHP_FUNCTION(imap_uid)
 {
  	zval **streamind, **msgno;
- 	int ind, ind_type;
+ 	int ind, ind_type, msgindex;
 	pils *imap_le_struct;
  
  	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &streamind, &msgno) == FAILURE) {
@@ -2694,6 +2694,12 @@ PHP_FUNCTION(imap_uid)
 		RETURN_FALSE;
 	}
  
+    	msgindex = Z_LVAL_PP(msgno);
+	if ((msgindex < 1) || ((unsigned) msgindex > imap_le_struct->imap_stream->nmsgs)) {
+		php_error(E_WARNING, "Bad message number");
+		RETURN_FALSE;
+	}
+    
 	RETURN_LONG(mail_uid(imap_le_struct->imap_stream, Z_LVAL_PP(msgno)));
 }
 /* }}} */
-- 
2.50.1