
Commit 5afb183

committed
net_imap: Fix crash in unsolicited STATUS with remote mailbox selected.
With NOTIFY enabled, if a new message arrived to a local mailbox while a remote mailbox is selected, when generating the untagged STATUS, a NULL dereference would occur since adding APPENDLIMIT involves a call to mailbox_quota, but imap->mbox would be NULL since no local mailbox is selected. Since the APPENDLIMIT isn't expected to change frequently anyways, simply omit APPENDLIMIT from the STATUS message in these cases. LBBS-151 #close
1 parent dd6ccf9 commit 5afb183


1 file changed

+7
-3
lines changed


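--- a/nets/net_imap.c
+++ b/nets/net_imap.c
@@ -1619,16 +1619,20 @@ static void construct_status(struct imap_session *imap, struct imap_traversal *t
 {
 char *pos = buf;
 size_t left = len;
-unsigned int appendlimit;
 
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "MESSAGES"), "MESSAGES %d", traversal->totalnew + traversal->totalcur);
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "RECENT"), "RECENT %d", traversal->totalnew);
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "UIDNEXT"), "UIDNEXT %d", traversal->uidnext + 1);
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "UIDVALIDITY"), "UIDVALIDITY %d", traversal->uidvalidity);
 /* Unlike with SELECT, this is the TOTAL number of unseen messages, not merely the first one */
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "UNSEEN"), "UNSEEN %d", traversal->totalunseen);
-appendlimit = MIN((unsigned int) mailbox_quota(imap->mbox), max_append_size);
-SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "APPENDLIMIT"), "APPENDLIMIT %u", appendlimit);
+if (imap->mbox) {
+/* If idling on remote mailbox with NOTIFY enabled, imap->mbox may be NULL at the moment;
+* since APPENDLIMIT isn't expected to change frequently anyways, just skip it in these cases.
+* In general, depending on the mailbox, this may not even be the right value to use here. */
+unsigned int appendlimit = MIN((unsigned int) mailbox_quota(imap->mbox), max_append_size);
+SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "APPENDLIMIT"), "APPENDLIMIT %u", appendlimit);
+}
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "HIGHESTMODSEQ"), "HIGHESTMODSEQ %lu", maxmodseq);
 /* RFC 8438 STATUS=SIZE extension */
 SAFE_FAST_COND_APPEND(buf, len, pos, left, strstr(s, "SIZE"), "SIZE %lu", traversal->totalsize);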
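Review bot: The new `if (imap->mbox)` guard protects only this call site, while the crash in the commit message comes from `mailbox_quota` being handed a NULL mailbox, so any other code that can run while a remote mailbox is selected may still hit the same dereference. Because the trigger is ordinary mail delivery, this is a denial-of-service condition that is better closed at the source: consider making `mailbox_quota` tolerate NULL, or record the invariant next to the guard, e.g. `/* imap->mbox is NULL while a remote mailbox is selected; guard every helper that dereferences it */`. Separately, in `MIN((unsigned int) mailbox_quota(imap->mbox), max_append_size)` the cast is applied before the comparison, so if `mailbox_quota` returns a wider type (its prototype is not visible here) a large quota would be truncated before the minimum is taken; comparing in the wider type and casting the result avoids that. The body of construct_status continues past the end of this hunk, so other uses of `imap->mbox` in it could not be checked.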
