romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 21:31:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

imap: check buffer length before accessing it

Browse source 
Pointed out by ZeroPath

Closes #19887
This commit is contained in:
Daniel Stenberg 2025-12-09 10:04:34 +01:00
parent 4c3614304f
commit 43c781a116
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/imap.c
View file

@ -1308,13 +1308,13 @@ static CURLcode imap_state_select_resp(struct Curl_easy *data,
imapstate instate)
{
CURLcode result = CURLE_OK;
const char *line = curlx_dyn_ptr(&imapc->pp.recvbuf);
(void)instate;
if(imapcode == '*') {
/* See if this is an UIDVALIDITY response */
if(checkprefix("OK [UIDVALIDITY ", line + 2)) {
const char *line = curlx_dyn_ptr(&imapc->pp.recvbuf);
size_t len = curlx_dyn_len(&imapc->pp.recvbuf);
if((len >= 18) && checkprefix("OK [UIDVALIDITY ", &line[2])) {
curl_off_t value;
const char *p = &line[2] + strlen("OK [UIDVALIDITY ");
if(!curlx_str_number(&p, &value, UINT_MAX)) {