From 8f976af17bdb049dab21bd4f7d24f352a54c9ba0 Mon Sep 17 00:00:00 2001 From: Koni Marti Date: Thu, 28 Apr 2022 21:51:54 +0200 Subject: imap: fix out-of-range panic for imap updates Check slice bounds before using it for the message and expunge updates. Log the error but ignore the affected updates. Link: https://lists.sr.ht/~rjarry/aerc-devel/%3CCJEHBFFUI11T.1AYGOMVGZ87ZS%40rek2system%3E Reported-by: ReK2 Signed-off-by: Koni Marti Acked-by: Robin Jarry --- worker/imap/worker.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'worker/imap') diff --git a/worker/imap/worker.go b/worker/imap/worker.go index 2036ee19..cc9434f5 100644 --- a/worker/imap/worker.go +++ b/worker/imap/worker.go @@ -281,6 +281,12 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error { func (w *IMAPWorker) handleImapUpdate(update client.Update) { w.worker.Logger.Printf("(= %T", update) + checkBounds := func(idx, size int) bool { + if idx < 0 || idx >= size { + return false + } + return true + } switch update := update.(type) { case *client.MailboxUpdate: status := update.Mailbox @@ -301,6 +307,10 @@ func (w *IMAPWorker) handleImapUpdate(update client.Update) { case *client.MessageUpdate: msg := update.Message if msg.Uid == 0 { + if ok := checkBounds(int(msg.SeqNum)-1, len(w.seqMap)); !ok { + w.worker.Logger.Println("MessageUpdate error: index out of range") + return + } msg.Uid = w.seqMap[msg.SeqNum-1] } w.worker.PostMessage(&types.MessageInfo{ @@ -314,6 +324,10 @@ func (w *IMAPWorker) handleImapUpdate(update client.Update) { }, nil) case *client.ExpungeUpdate: i := update.SeqNum - 1 + if ok := checkBounds(int(i), len(w.seqMap)); !ok { + w.worker.Logger.Println("ExpungeUpdate error: index out of range") + return + } uid := w.seqMap[i] w.seqMap = append(w.seqMap[:i], w.seqMap[i+1:]...) w.worker.PostMessage(&types.MessagesDeleted{ -- cgit