Skip to content

Commit e226ba8

Browse files
Unique-Usmanttaylorr
Unique-Usman
authored and
ttaylorr
committed
imap: replace atoi() with strtol_i() for UIDVALIDITY and UIDNEXT parsing
Replace unsafe uses of atoi() with strtol_i() to improve error handling when parsing UIDVALIDITY, UIDNEXT, and APPENDUID in IMAP commands. Invalid values, such as those with letters, now trigger error messages and prevent malformed status responses. I did not add any test for this commit as we do not have any test for git-imap-send(1) at this point. Signed-off-by: Usman Akinyemi <[email protected]> Signed-off-by: Taylor Blau <[email protected]>
1 parent e36f009 commit e226ba8

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

imap-send.c

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -668,12 +668,12 @@ static int parse_response_code(struct imap_store *ctx, struct imap_cmd_cb *cb,
668668
return RESP_BAD;
669669
}
670670
if (!strcmp("UIDVALIDITY", arg)) {
671-
if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg))) {
671+
if (!(arg = next_arg(&s)) || strtol_i(arg, 10, &ctx->uidvalidity) || !ctx->uidvalidity) {
672672
fprintf(stderr, "IMAP error: malformed UIDVALIDITY status\n");
673673
return RESP_BAD;
674674
}
675675
} else if (!strcmp("UIDNEXT", arg)) {
676-
if (!(arg = next_arg(&s)) || !(imap->uidnext = atoi(arg))) {
676+
if (!(arg = next_arg(&s)) || strtol_i(arg, 10, &imap->uidnext) || !imap->uidnext) {
677677
fprintf(stderr, "IMAP error: malformed NEXTUID status\n");
678678
return RESP_BAD;
679679
}
@@ -686,8 +686,8 @@ static int parse_response_code(struct imap_store *ctx, struct imap_cmd_cb *cb,
686686
for (; isspace((unsigned char)*p); p++);
687687
fprintf(stderr, "*** IMAP ALERT *** %s\n", p);
688688
} else if (cb && cb->ctx && !strcmp("APPENDUID", arg)) {
689-
if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg)) ||
690-
!(arg = next_arg(&s)) || !(*(int *)cb->ctx = atoi(arg))) {
689+
if (!(arg = next_arg(&s)) || strtol_i(arg, 10, &ctx->uidvalidity) || !ctx->uidvalidity ||
690+
!(arg = next_arg(&s)) || strtol_i(arg, 10, (int *)cb->ctx) || !cb->ctx) {
691691
fprintf(stderr, "IMAP error: malformed APPENDUID status\n");
692692
return RESP_BAD;
693693
}
@@ -773,7 +773,10 @@ static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd)
773773
if (!tcmd)
774774
return DRV_OK;
775775
} else {
776-
tag = atoi(arg);
776+
if (strtol_i(arg, 10, &tag)) {
777+
fprintf(stderr, "IMAP error: malformed tag %s\n", arg);
778+
return RESP_BAD;
779+
}
777780
for (pcmdp = &imap->in_progress; (cmdp = *pcmdp); pcmdp = &cmdp->next)
778781
if (cmdp->tag == tag)
779782
goto gottag;

0 commit comments

Comments
 (0)