author | Kevin McCarthy <kevin@8t8.us> | 2018-01-07 12:12:42 -0800 |
---|---|---|
committer | Kevin McCarthy <kevin@8t8.us> | 2018-01-07 12:12:42 -0800 |
commit | a37a2c4d38acb642a9e7660cd0c924dc9dff801f (patch) | |
tree | 66fdbf232c9eb79d4d4a5ed7da2ca3c85b39aadf /imap | |
parent | 8fcf8edaeff52e98cb61d75e06c3dd4a2ca19046 (diff) |
Fix imap status count range check.
The strtoul() call for parsing the STATUS count wasn't checking the
range properly, because it was assigning to an unsigned int.
Change to assign to an unsigned long, and also add the conversion check
from mutt_atoui().
Thanks to Charles (@chdiza) for quickly noticing the problem!
Diffstat (limited to 'imap')
-rw-r--r-- | imap/command.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/imap/command.c b/imap/command.c
index c607fcad..46f07bb0 100644
--- a/imap/command.c
+++ b/imap/command.c
@@ -933,6 +933,7 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
 char* value;
 BUFFY* inc;
 IMAP_MBOX mx;
+ unsigned long ulcount;
 unsigned int count;
 IMAP_STATUS *status;
 unsigned int olduv, oldun;
@@ -977,12 +978,14 @@ static void cmd_parse_status (IMAP_DATA* idata, char* s)
 value = imap_next_word (s);
 errno = 0;
- count = strtoul (value, &value, 10);
- if (errno == ERANGE && count == ULONG_MAX)
+ ulcount = strtoul (value, &value, 10);
+ if ((errno == ERANGE && ulcount == ULONG_MAX) ||
+ ((unsigned int) ulcount != ulcount))
 {
 dprint (1, (debugfile, "Error parsing STATUS number\n"));
 return;
 }
+ count = (unsigned int) ulcount;
 if (!ascii_strncmp ("MESSAGES", s, 8))
 { |
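Review bot: The new check after `strtoul (value, &value, 10)` in the second hunk still cannot tell whether any digits were converted, because the end pointer overwrites `value`; a STATUS item with a non-numeric value is therefore accepted as a count of 0. strtoul also accepts a leading minus sign and negates the result without setting ERANGE, so on platforms where unsigned long and unsigned int have the same width the `(unsigned int) ulcount != ulcount` comparison can never fail and a value such as `-1` passes as a very large count. Since this number comes from the server's response, I would parse into a separate `char *end`, extend the rejection condition with `end == value || *value == '-'`, and assign `value = end;` only after the check succeeds. cmd_parse_status begins and continues outside the hunk, so how `count` and `value` are used afterwards is not visible here.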