From a4a250d5f51a76e14f8f20b8adb4021293fab6c8 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy
Date: Sun, 7 Jan 2018 12:12:42 -0800
Subject: [PATCH] Fix imap status count range check.
The strtoul() call for parsing the STATUS count wasn't checking the range properly, because it was assigning to an unsigned int. Change to assign to a unsigned long, and also add the conversion check from mutt_atoui(). Thanks to Charles (@chdiza) for quickly noticing the problem!
---
 imap/command.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/imap/command.c b/imap/command.c
index c13bf8416..df9d9ac94 100644
--- a/imap/command.c
+++ b/imap/command.c
@@ -635,6 +635,7 @@ static void cmd_parse_status(struct ImapData *idata, char *s)
 char *value = NULL;
 struct Buffy *inc = NULL;
 struct ImapMbox mx;
+ unsigned long ulcount;
 unsigned int count;
 struct ImapStatus *status = NULL;
 unsigned int olduv, oldun;
@@ -679,12 +680,13 @@ static void cmd_parse_status(struct ImapData *idata, char *s)
 value = imap_next_word(s);
 errno = 0;
- count = strtoul(value, &value, 10);
- if (errno == ERANGE && count == ULONG_MAX)
+ ulcount = strtoul(value, &value, 10);
+ if (((errno == ERANGE) && (ulcount == ULONG_MAX)) || ((unsigned int) ulcount != ulcount))
 {
 mutt_debug(1, "Error parsing STATUS number\n");
 return;
 }
+ count = (unsigned int) ulcount;
 if (mutt_str_strncmp("MESSAGES", s, 8) == 0)
 {
--
2.50.1
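Review bot: The `strtoul()` call in the second hunk still accepts tokens that are not an IMAP number, because nothing checks that the server-supplied value starts with a digit. `strtoul()` returns 0 without setting `errno` when no digits are present, and since `value` is passed as both the input and the end pointer, the "nothing consumed" case cannot be detected afterwards. It also accepts a leading sign: where `unsigned long` and `unsigned int` have the same width, `-1` converts to the maximum value without `ERANGE` and passes the new truncation check. A guard before the call, `if (!isdigit((unsigned char) *value)) { mutt_debug(1, "Error parsing STATUS number\n"); return; }`, would reject empty, signed and non-numeric tokens. `cmd_parse_status` starts and ends outside the hunk, so how `count` is used afterwards and whether `<ctype.h>` is already included are not visible here.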