ph10 2005/09/12 11:49:31 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src log.c
Log:
Fix rare potential log buffer overflow.
Revision Changes Path
1.219 +5 -0 exim/exim-doc/doc-txt/ChangeLog
1.7 +1 -1 exim/exim-src/src/log.c
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.218
retrieving revision 1.219
diff -u -r1.218 -r1.219
--- ChangeLog 12 Sep 2005 10:08:53 -0000 1.218
+++ ChangeLog 12 Sep 2005 10:49:30 -0000 1.219
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.218 2005/09/12 10:08:53 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.219 2005/09/12 10:49:30 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -153,6 +153,11 @@
which is clearly wrong.
PH/37 Added control=suppress_local_fixups.
+
+PH/38 When log_selector = +received_sender was set, and the addition of the
+ sender made the log line's construction buffer exactly full, or one byte
+ less than full, an overflow happened when the terminating "\n" was
+ subsequently added.
Exim version 4.52
Index: log.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/log.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- log.c 28 Jun 2005 10:23:35 -0000 1.6
+++ log.c 12 Sep 2005 10:49:30 -0000 1.7
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/log.c,v 1.6 2005/06/28 10:23:35 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/log.c,v 1.7 2005/09/12 10:49:30 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -741,7 +741,7 @@
this way because it kind of fits with LOG_RECIPIENTS. */
if ((flags & LOG_SENDER) != 0 &&
- ptr < log_buffer + LOG_BUFFER_SIZE - 8 - Ustrlen(raw_sender))
+ ptr < log_buffer + LOG_BUFFER_SIZE - 10 - Ustrlen(raw_sender))
{
sprintf(CS ptr, " from <%s>", raw_sender);
while (*ptr) ptr++;
