diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-01-13 06:35:12 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-01-15 21:40:52 +0100 |
commit | 8dd4edeb90ab7bb1df5339fd29422860bf86c585 (patch) | |
tree | e92ea71f0d9d9ec7108383b5c4ddef2b1fb9c326 /lib | |
parent | 84fcaa2e7300387e2565d3037bad637f5f6d8372 (diff) | |
download | curl-8dd4edeb90ab7bb1df5339fd29422860bf86c585.tar.gz |
smtp/pop3/imap_get_message: decrease the data length too...
Follow-up commit to 615edc1f73 which was incomplete.
Assisted-by: Max Dymond
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
Diffstat (limited to 'lib')
-rw-r--r-- | lib/imap.c | 8 | ||||
-rw-r--r-- | lib/pop3.c | 8 | ||||
-rw-r--r-- | lib/smtp.c | 8 |
3 files changed, 15 insertions, 9 deletions
diff --git a/lib/imap.c b/lib/imap.c index 63a998b2b..cf278a22b 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -349,11 +349,13 @@ static void imap_get_message(char *buffer, char **outptr) if(len > 2) { /* Find the start of the message */ - for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) + len -= 2; + for(message = buffer + 2; *message == ' ' || *message == '\t'; + message++, len--) ; /* Find the end of the message */ - for(len -= 2; len--;) + for(; len--;) if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && message[len] != '\t') break; diff --git a/lib/pop3.c b/lib/pop3.c index 40dde1052..78f6afef1 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -248,11 +248,13 @@ static void pop3_get_message(char *buffer, char **outptr) if(len > 2) { /* Find the start of the message */ - for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) + len -= 2; + for(message = buffer + 2; *message == ' ' || *message == '\t'; + message++, len--) ; /* Find the end of the message */ - for(len -= 2; len--;) + for(; len--;) if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && message[len] != '\t') break; diff --git a/lib/smtp.c b/lib/smtp.c index b31ecb4b0..d9f1a854a 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -237,11 +237,13 @@ static void smtp_get_message(char *buffer, char **outptr) if(len > 4) { /* Find the start of the message */ - for(message = buffer + 4; *message == ' ' || *message == '\t'; message++) + len -= 4; + for(message = buffer + 4; *message == ' ' || *message == '\t'; + message++, len--) ; /* Find the end of the message */ - for(len -= 4; len--;) + for(; len--;) if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && message[len] != '\t') break; |