[Patchew-devel] [PATCH] search: protect x[-1] with length check
Paolo Bonzini
pbonzini at redhat.com
Fri Jul 27 10:43:32 UTC 2018
Otherwise, "Less than" and "Greater than" symbols in a search query
cause an out-of-range access and a 500 server error.
Reported by Steffen Goertz.
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
---
api/search.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/search.py b/api/search.py
index ba3703c..63ccfaa 100644
--- a/api/search.py
+++ b/api/search.py
@@ -134,7 +134,7 @@ Search text keyword in the email message. Example:
if term.startswith("age:"):
cond = term[term.find(":") + 1:]
q = self._process_age_term(query, cond)
- elif term[0] in "<>":
+ elif term[0] in "<>" and len(term) > 1:
q = self._process_age_term(query, term)
elif term.startswith("from:"):
cond = term[term.find(":") + 1:]
--
2.17.1
More information about the Patchew-devel
mailing list