Fix imap_quote_string() length check errors.

The function wasn't properly checking for dlen<2 before quoting, and wasn't properly pre-adjusting dlen to include the initial quote. Thanks to Jeriko One for reporting these issues.

Fix imap_quote_string() length check errors.
The function wasn't properly checking for dlen<2 before quoting, and wasn't properly pre-adjusting dlen to include the initial quote. Thanks to Jeriko One for reporting these issues.
e0131852 · Kevin J. McCarthy · 4ff007ca · e0131852
Commit e0131852 authored Jul 12, 2018 by Kevin J. McCarthy
--- a/imap/util.c
+++ b/imap/util.c
@@ -614,20 +614,29 @@ static void _imap_quote_string (char *dest, size_t dlen, const char *src,
  char *pt;
  const char *s;
+  if (!(dest && dlen && src && to_quote))
+    return;
+  if (dlen < 3)
+  {
+    *dest = 0;
+    return;
+  }
  pt = dest;
  s  = src;
-  *pt++ = '"';
+  /* save room for pre/post quote-char and trailing null */
-  /* save room for trailing quote-char */
+  dlen -= 3;
-  dlen -= 2;
+  *pt++ = '"';
  for (; *s && dlen; s++)
  {
    if (strchr (to_quote, *s))
    {
+      if (dlen < 2)
+        break;
      dlen -= 2;
-      if (!dlen)
-	break;
      *pt++ = '\\';
      *pt++ = *s;
    }