On Mon, 2007-09-24 at 15:41 +0100, pod wrote: > >>>>> "TS" == Timo Sirainen <[EMAIL PROTECTED]> writes: > > >> Well, doing it only if it's the first header would make it > >> better. I guess I could do something like that since this is a > >> pretty common problem.. > > TS> http://hg.dovecot.org/dovecot-1.0/rev/4c807839ac0c > > Hasn't create_mbox_stream() returned by the time save_header_callback() is > called? Doesn't that mean that the &first passed as *context to > save_header_callback() is of dubious validity?
Oh, good catch. Yes, that was a security hole just waiting to be exploited. :) I couldn't figure out a clean and safe way to do it, so: http://hg.dovecot.org/dovecot/rev/2821a472806f deliver could use a rewrite some day..
signature.asc
Description: This is a digitally signed message part
