[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: exim-cvs
Temat: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src log.c
ph10 2005/09/12 11:49:31 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         log.c 
  Log:
  Fix rare potential log buffer overflow.


  Revision  Changes    Path
  1.219     +5 -0      exim/exim-doc/doc-txt/ChangeLog
  1.7       +1 -1      exim/exim-src/src/log.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.218
  retrieving revision 1.219
  diff -u -r1.218 -r1.219
  --- ChangeLog    12 Sep 2005 10:08:53 -0000    1.218
  +++ ChangeLog    12 Sep 2005 10:49:30 -0000    1.219
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.218 2005/09/12 10:08:53 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.219 2005/09/12 10:49:30 ph10 Exp $


   Change log file for Exim from version 4.21
   -------------------------------------------
  @@ -153,6 +153,11 @@
         which is clearly wrong.


   PH/37 Added control=suppress_local_fixups.
  +
  +PH/38 When log_selector = +received_sender was set, and the addition of the
  +      sender made the log line's construction buffer exactly full, or one byte
  +      less than full, an overflow happened when the terminating "\n" was
  +      subsequently added.



Exim version 4.52

  Index: log.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/log.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- log.c    28 Jun 2005 10:23:35 -0000    1.6
  +++ log.c    12 Sep 2005 10:49:30 -0000    1.7
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/log.c,v 1.6 2005/06/28 10:23:35 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/log.c,v 1.7 2005/09/12 10:49:30 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -741,7 +741,7 @@
   this way because it kind of fits with LOG_RECIPIENTS. */


   if ((flags & LOG_SENDER) != 0 &&
  -    ptr < log_buffer + LOG_BUFFER_SIZE - 8 - Ustrlen(raw_sender))
  +    ptr < log_buffer + LOG_BUFFER_SIZE - 10 - Ustrlen(raw_sender))
     {
     sprintf(CS ptr, " from <%s>", raw_sender);
     while (*ptr) ptr++;