Commit e0131852 authored by Kevin J. McCarthy

Fix imap_quote_string() length check errors.

The function wasn't properly checking for dlen<2 before quoting, and
wasn't properly pre-adjusting dlen to include the initial quote.

Thanks to Jeriko One for reporting these issues.
parent 4ff007ca
...@@ -614,20 +614,29 @@ static void _imap_quote_string (char *dest, size_t dlen, const char *src, ...@@ -614,20 +614,29 @@ static void _imap_quote_string (char *dest, size_t dlen, const char *src,
char *pt; char *pt;
const char *s; const char *s;
if (!(dest && dlen && src && to_quote))
return;
if (dlen < 3)
{
*dest = 0;
return;
}
pt = dest; pt = dest;
s = src; s = src;
*pt++ = '"'; /* save room for pre/post quote-char and trailing null */
/* save room for trailing quote-char */ dlen -= 3;
dlen -= 2;
*pt++ = '"';
for (; *s && dlen; s++) for (; *s && dlen; s++)
{ {
if (strchr (to_quote, *s)) if (strchr (to_quote, *s))
{ {
if (dlen < 2)
break;
dlen -= 2; dlen -= 2;
if (!dlen)
break;
*pt++ = '\\'; *pt++ = '\\';
*pt++ = *s; *pt++ = *s;
} }
......
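Review bot: The new argument guard at the top of the hunk, `if (!(dest && dlen && src && to_quote)) return;`, returns without writing to dest, so when dest and dlen are valid but src or to_quote is NULL the caller is left with whatever the buffer held before, while the `dlen < 3` path just below it does store an empty string. Consider setting `*dest = 0` in the guard whenever dest and dlen are non-zero, so both early exits leave a terminated buffer. Separately, the function is `static void` and the `if (dlen < 2) break;` path stops quoting silently, so a caller cannot tell a complete quoted string from a cut-off one; a comment stating that truncation is intended, or a return value, would make that explicit.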