From 621f9e41465b521399f691c241181300fab55995 Mon Sep 17 00:00:00 2001 From: Bron Gondwana Date: Sun, 18 Apr 2021 22:45:53 +1000 Subject: [PATCH] annotate: don't allow everyone to write shared server entries --- imap/annotate.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/imap/annotate.c b/imap/annotate.c index dc59a3b500..a5462d6e5f 100644 --- a/imap/annotate.c +++ b/imap/annotate.c @@ -2788,15 +2788,20 @@ static int write_entry(struct mailbox *mailbox, keylen = make_key(mboxname, uid, entry, userid, key, sizeof(key)); - if (mailbox) { - struct annotate_metadata oldmdata; - r = read_old_value(d, key, keylen, &oldval, &oldmdata); - if (r) goto out; + struct annotate_metadata oldmdata; + r = read_old_value(d, key, keylen, &oldval, &oldmdata); + if (r) goto out; - /* if the value is identical, don't touch the mailbox */ - if (oldval.len == value->len && (!value->len || !memcmp(oldval.s, value->s, value->len))) - goto out; + /* if the value is identical, don't touch the mailbox */ + if (oldval.len == value->len && (!value->len || !memcmp(oldval.s, value->s, value->len))) + goto out; + + if (!maywrite) { + r = IMAP_PERMISSION_DENIED; + if (r) goto out; + } + if (mailbox) { if (!ignorequota) { quota_t qdiffs[QUOTA_NUMRESOURCES] = QUOTA_DIFFS_DONTCARE_INITIALIZER; qdiffs[QUOTA_ANNOTSTORAGE] = value->len - (quota_t)oldval.len; @@ -2804,11 +2809,6 @@ static int write_entry(struct mailbox *mailbox, if (r) goto out; } - if (!maywrite) { - r = IMAP_PERMISSION_DENIED; - if (r) goto out; - } - /* do the annot-changed here before altering the DB */ mailbox_annot_changed(mailbox, uid, entry, userid, &oldval, value, silent);