Fixed a NULL pointer dereference and an infinite loop issue when parsing flags
This commit is contained in:
parent
c5073fefb4
commit
238454fd2e
|
|
@ -666,8 +666,8 @@ static int _context_fetch_flags(IMAP4 * imap4, char const * answer)
|
||||||
char const * name;
|
char const * name;
|
||||||
MailerMessageFlag flag;
|
MailerMessageFlag flag;
|
||||||
} flags[] = {
|
} flags[] = {
|
||||||
{ "Answered", MMF_ANSWERED },
|
{ "\\Answered", MMF_ANSWERED },
|
||||||
{ "Draft", MMF_DRAFT }
|
{ "\\Draft", MMF_DRAFT }
|
||||||
};
|
};
|
||||||
|
|
||||||
/* skip spaces */
|
/* skip spaces */
|
||||||
|
|
@ -683,14 +683,24 @@ static int _context_fetch_flags(IMAP4 * imap4, char const * answer)
|
||||||
return -1;
|
return -1;
|
||||||
for(i++; answer[i] != '\0' && answer[i] != ')';)
|
for(i++; answer[i] != '\0' && answer[i] != ')';)
|
||||||
{
|
{
|
||||||
if(answer[i++] != '\\')
|
for(j = i; isalpha((unsigned char)answer[j])
|
||||||
return -1;
|
|| answer[j] == '\\' || answer[j] == '$'; j++);
|
||||||
for(j = i; isalpha((unsigned char)answer[j]); j++);
|
/* give up if there is no flag */
|
||||||
|
if(j == i)
|
||||||
|
{
|
||||||
|
for(; answer[i] != '\0' && answer[i] != ')'; i++);
|
||||||
|
break;
|
||||||
|
}
|
||||||
/* apply the flag */
|
/* apply the flag */
|
||||||
for(k = 0; k < sizeof(flags) / sizeof(*flags); k++)
|
for(k = 0; k < sizeof(flags) / sizeof(*flags); k++)
|
||||||
if(strncmp(&answer[i], flags[k].name, j - i) == 0)
|
if(strncmp(&answer[i], flags[k].name, j - i) == 0)
|
||||||
|
{
|
||||||
|
/* FIXME make sure message != NULL */
|
||||||
|
if(message == NULL)
|
||||||
|
continue;
|
||||||
helper->message_set_flag(message->message,
|
helper->message_set_flag(message->message,
|
||||||
flags[k].flag);
|
flags[k].flag);
|
||||||
|
}
|
||||||
/* skip spaces */
|
/* skip spaces */
|
||||||
for(i = j; answer[i] == ' '; i++);
|
for(i = j; answer[i] == ' '; i++);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user