upstream/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2026-06-13 19:00:34 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Mail: fixed type overflow in IMAP literal length parser.
Some checks failed
buildbot / buildbot (push) Has been cancelled
Details

Browse source 
The overflow is safe, because the maximum length of literals
is limited with the "imap_client_buffer" directive.

Reported by Bartłomiej Dmitruk.
This commit is contained in:
Sergey Kandaurov 2026-02-27 21:46:04 +04:00 committed by Sergey Kandaurov
parent aa65a60fc7
commit dff46cd1ae
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/mail/ngx_mail_parse.c
View file

@ -539,6 +539,9 @@ ngx_mail_imap_parse_command(ngx_mail_session_t *s)
break;
case sw_literal:
if (s->literal_len > NGX_MAX_SIZE_T_VALUE / 10) {
goto invalid;
}
if (ch >= '0' && ch <= '9') {
s->literal_len = s->literal_len * 10 + (ch - '0');
break;