Gitweb:
http://git.exim.org/exim.git/commitdiff/ef8406816ea0fc82b5d80009b30cb83ad9af6f2f
Commit: ef8406816ea0fc82b5d80009b30cb83ad9af6f2f
Parent: ee278e5a4369c214892af66c2bd003bd00899345
Author: Phil Pennock <pdp@???>
AuthorDate: Fri May 4 18:22:16 2012 -0700
Committer: Phil Pennock <pdp@???>
CommitDate: Fri May 4 18:22:16 2012 -0700
Check localhost_number expansion for failure.
Avoids NULL dereference.
Report and patch from Alun Jones.
Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.
fixes bug 1122
---
doc/doc-txt/ChangeLog | 3 +++
src/src/acl.c | 2 +-
src/src/readconf.c | 11 ++++++++---
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 55cde6d..80e8edf 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,9 @@ PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
before an outbound SMTP session. New log_selector, +tls_sni.
+PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
+ NULL dereference. Report and patch from Alun Jones.
+
Exim version 4.77
-----------------
diff --git a/src/src/acl.c b/src/src/acl.c
index 3cafd81..b93ac69 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2093,7 +2093,7 @@ uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
va_start(ap, format);
if (!string_vformat(buffer, sizeof(buffer), format, ap))
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
- "string_sprintf expansion was longer than %ld", sizeof(buffer));
+ "string_sprintf expansion was longer than " SIZE_T_FMT, sizeof(buffer));
va_end(ap);
*log_msgptr = string_sprintf(
"error in arguments to \"ratelimit\" condition: %s", buffer);
diff --git a/src/src/readconf.c b/src/src/readconf.c
index c622359..b35811e 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -520,7 +520,7 @@ while (isalnum(*s) || *s == '_')
{
if (namelen >= sizeof(name) - 1)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
- "macro name too long (maximum is %d characters)", sizeof(name) - 1);
+ "macro name too long (maximum is " SIZE_T_FMT " characters)", sizeof(name) - 1);
name[namelen++] = *s++;
}
name[namelen] = 0;
@@ -3189,9 +3189,14 @@ so as to ensure that everything else is set up before the expansion. */
if (host_number_string != NULL)
{
+ long int n;
uschar *end;
uschar *s = expand_string(host_number_string);
- long int n = Ustrtol(s, &end, 0);
+ if (s == NULL)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "failed to expand localhost_number \"%s\": %s",
+ host_number_string, expand_string_message);
+ n = Ustrtol(s, &end, 0);
while (isspace(*end)) end++;
if (*end != 0)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
@@ -3607,7 +3612,7 @@ else if (strncmpic(pp, US"tls_required", p - pp) == 0)
*basic_errno = ERRNO_TLSREQUIRED;
else if (len != 1 || Ustrncmp(pp, "*", 1) != 0)
- return string_sprintf("unknown or malformed retry error \"%.*s\"", p-pp, pp);
+ return string_sprintf("unknown or malformed retry error \"%.*s\"", (int) (p-pp), pp);
return NULL;
}
