summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-01-13 06:35:12 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-01-15 21:40:52 +0100
commit8dd4edeb90ab7bb1df5339fd29422860bf86c585 (patch)
treee92ea71f0d9d9ec7108383b5c4ddef2b1fb9c326
parent84fcaa2e7300387e2565d3037bad637f5f6d8372 (diff)
downloadcurl-8dd4edeb90ab7bb1df5339fd29422860bf86c585.tar.gz
smtp/pop3/imap_get_message: decrease the data length too...
Follow-up commit to 615edc1f73 which was incomplete. Assisted-by: Max Dymond Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
Diffstat
-rw-r--r--lib/imap.c8
-rw-r--r--lib/pop3.c8
-rw-r--r--lib/smtp.c8
3 files changed, 15 insertions, 9 deletions
diff --git a/lib/imap.c b/lib/imap.c
index 63a998b2b..cf278a22b 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -349,11 +349,13 @@ static void imap_get_message(char *buffer, char **outptr)
if(len > 2) {
/* Find the start of the message */
- for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+ len -= 2;
+ for(message = buffer + 2; *message == ' ' || *message == '\t';
+ message++, len--)
;
/* Find the end of the message */
- for(len -= 2; len--;)
+ for(; len--;)
if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
message[len] != '\t')
break;
diff --git a/lib/pop3.c b/lib/pop3.c
index 40dde1052..78f6afef1 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -248,11 +248,13 @@ static void pop3_get_message(char *buffer, char **outptr)
if(len > 2) {
/* Find the start of the message */
- for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+ len -= 2;
+ for(message = buffer + 2; *message == ' ' || *message == '\t';
+ message++, len--)
;
/* Find the end of the message */
- for(len -= 2; len--;)
+ for(; len--;)
if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
message[len] != '\t')
break;
diff --git a/lib/smtp.c b/lib/smtp.c
index b31ecb4b0..d9f1a854a 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -237,11 +237,13 @@ static void smtp_get_message(char *buffer, char **outptr)
if(len > 4) {
/* Find the start of the message */
- for(message = buffer + 4; *message == ' ' || *message == '\t'; message++)
+ len -= 4;
+ for(message = buffer + 4; *message == ' ' || *message == '\t';
+ message++, len--)
;
/* Find the end of the message */
- for(len -= 4; len--;)
+ for(; len--;)
if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
message[len] != '\t')
break;
View Lorry Controller Status