Commit 3b6f6b82 authored by Vincent Lefevre's avatar Vincent Lefevre

Avoid undefined behavior on huge integer in a RFC 2231 header.

The atoi() function was called on the index, which can potentially
be huge in an invalid message and can yield undefined behavior. The
mutt_atoi() function is now used for error detection.
parent e8d057a9
Pipeline #61420824 passed with stages
in 3 minutes and 7 seconds
......@@ -146,7 +146,12 @@ void rfc2231_decode_parameters (PARAMETER **headp)
encoded = (*t == '*');
*t = '\0';
index = atoi (s);
/* RFC 2231 says that the index starts at 0 and increments by 1,
thus an overflow should never occur in a valid message, thus
the value INT_MAX in case of overflow does not really matter
(the goal is just to avoid undefined behavior). */
if (mutt_atoi (s, &index))
index = INT_MAX;
conttmp = rfc2231_new_parameter ();
conttmp->attribute = p->attribute;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment