From bf919af813f3765910d1b926621cbfacf892b1d0 Mon Sep 17 00:00:00 2001 From: Brian White Date: Tue, 31 Dec 2013 18:39:43 -0500 Subject: [PATCH] Connection: ensure non-empty seqno/uid lists --- lib/Connection.js | 48 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) diff --git a/lib/Connection.js b/lib/Connection.js index 4fadfe7..1dae2c7 100644 --- a/lib/Connection.js +++ b/lib/Connection.js @@ -484,8 +484,11 @@ Connection.prototype.expunge = function(uids, cb) { if (uids !== undefined) { if (!Array.isArray(uids)) uids = [uids]; - validateUIDList(uids); + + if (uids.length === 0) + throw new Error('Empty uid list'); + uids = uids.join(','); if (!this.serverSupports('UIDPLUS')) @@ -560,6 +563,12 @@ Connection.prototype._store = function(which, uids, cfg, cb) { uids = [uids]; validateUIDList(uids); + if (uids.length === 0) { + throw new Error('Empty ' + + (which === '' ? 'sequence number' : 'uid') + + 'list'); + } + if ((!Array.isArray(items) && typeof items !== 'string') || (Array.isArray(items) && items.length === 0)) throw new Error((isFlags ? 'Flags' : 'Keywords') @@ -602,8 +611,14 @@ Connection.prototype._copy = function(which, uids, boxTo, cb) { if (!Array.isArray(uids)) uids = [uids]; - validateUIDList(uids); + + if (uids.length === 0) { + throw new Error('Empty ' + + (which === '' ? 'sequence number' : 'uid') + + 'list'); + } + boxTo = escape(utf7.encode(''+boxTo)); this._enqueue(which + 'COPY ' + uids.join(',') + ' "' + boxTo + '"', cb); @@ -620,8 +635,14 @@ Connection.prototype._move = function(which, uids, boxTo, cb) { if (this.serverSupports('MOVE')) { if (!Array.isArray(uids)) uids = [uids]; - validateUIDList(uids); + + if (uids.length === 0) { + throw new Error('Empty ' + + (which === '' ? 'sequence number' : 'uid') + + 'list'); + } + uids = uids.join(','); boxTo = escape(utf7.encode(''+boxTo)); @@ -703,6 +724,13 @@ Connection.prototype._fetch = function(which, uids, options) { if (!Array.isArray(uids)) uids = [uids]; validateUIDList(uids); + + if (uids.length === 0) { + throw new Error('Empty ' + + (which === '' ? 'sequence number' : 'uid') + + 'list'); + } + uids = uids.join(','); var cmd = which + 'FETCH ' + uids + ' (', @@ -791,6 +819,12 @@ Connection.prototype._storeLabels = function(which, uids, labels, mode, cb) { uids = [uids]; validateUIDList(uids); + if (uids.length === 0) { + throw new Error('Empty ' + + (which === '' ? 'sequence number' : 'uid') + + 'list'); + } + if ((!Array.isArray(labels) && typeof labels !== 'string') || (Array.isArray(labels) && labels.length === 0)) throw new Error('labels argument must be a string or a non-empty Array'); @@ -1814,6 +1848,8 @@ function buildSearchQuery(options, extensions, info, isOrChild) { throw new Error('Incorrect number of arguments for search option: ' + criteria); validateUIDList(args); + if (args.length === 0) + throw new Error('Empty uid list'); searchargs += modifier + criteria + ' ' + args.join(','); break; // Extensions ========================================================== @@ -1862,9 +1898,11 @@ function buildSearchQuery(options, extensions, info, isOrChild) { // last hope it's a seqno set // http://tools.ietf.org/html/rfc3501#section-6.4.4 var seqnos = (args ? [criteria].concat(args) : [criteria]); - if (!validateUIDList(seqnos, true)) + if (!validateUIDList(seqnos, true)) { + if (seqnos.length === 0) + throw new Error('Empty sequence number list'); searchargs += modifier + seqnos.join(','); - else + } else throw new Error('Unexpected search option: ' + criteria); } }