[exim-cvs] Check localhost_number expansion for failure.

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Check localhost_number expansion for failure.
Gitweb: http://git.exim.org/exim.git/commitdiff/ef8406816ea0fc82b5d80009b30cb83ad9af6f2f
Commit:     ef8406816ea0fc82b5d80009b30cb83ad9af6f2f
Parent:     ee278e5a4369c214892af66c2bd003bd00899345
Author:     Phil Pennock <pdp@???>
AuthorDate: Fri May 4 18:22:16 2012 -0700
Committer:  Phil Pennock <pdp@???>
CommitDate: Fri May 4 18:22:16 2012 -0700


    Check localhost_number expansion for failure.


    Avoids NULL dereference.
    Report and patch from Alun Jones.


    Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.


    fixes bug 1122
---
 doc/doc-txt/ChangeLog |    3 +++
 src/src/acl.c         |    2 +-
 src/src/readconf.c    |   11 ++++++++---
 3 files changed, 12 insertions(+), 4 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 55cde6d..80e8edf 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,9 @@ PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
       Also option tls_sni on SMTP Transports.  Also clear $tls_bits correctly
       before an outbound SMTP session.  New log_selector, +tls_sni.


+PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
+      NULL dereference.  Report and patch from Alun Jones.
+


 Exim version 4.77
 -----------------
diff --git a/src/src/acl.c b/src/src/acl.c
index 3cafd81..b93ac69 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2093,7 +2093,7 @@ uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
 va_start(ap, format);
 if (!string_vformat(buffer, sizeof(buffer), format, ap))
   log_write(0, LOG_MAIN|LOG_PANIC_DIE,
-    "string_sprintf expansion was longer than %ld", sizeof(buffer));
+    "string_sprintf expansion was longer than " SIZE_T_FMT, sizeof(buffer));
 va_end(ap);
 *log_msgptr = string_sprintf(
   "error in arguments to \"ratelimit\" condition: %s", buffer);
diff --git a/src/src/readconf.c b/src/src/readconf.c
index c622359..b35811e 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -520,7 +520,7 @@ while (isalnum(*s) || *s == '_')
   {
   if (namelen >= sizeof(name) - 1)
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
-      "macro name too long (maximum is %d characters)", sizeof(name) - 1);
+      "macro name too long (maximum is " SIZE_T_FMT " characters)", sizeof(name) - 1);
   name[namelen++] = *s++;
   }
 name[namelen] = 0;
@@ -3189,9 +3189,14 @@ so as to ensure that everything else is set up before the expansion. */


 if (host_number_string != NULL)
   {
+  long int n;
   uschar *end;
   uschar *s = expand_string(host_number_string);
-  long int n = Ustrtol(s, &end, 0);
+  if (s == NULL)
+    log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+        "failed to expand localhost_number \"%s\": %s",
+        host_number_string, expand_string_message);
+  n = Ustrtol(s, &end, 0);
   while (isspace(*end)) end++;
   if (*end != 0)
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
@@ -3607,7 +3612,7 @@ else if (strncmpic(pp, US"tls_required", p - pp) == 0)
   *basic_errno = ERRNO_TLSREQUIRED;


else if (len != 1 || Ustrncmp(pp, "*", 1) != 0)
- return string_sprintf("unknown or malformed retry error \"%.*s\"", p-pp, pp);
+ return string_sprintf("unknown or malformed retry error \"%.*s\"", (int) (p-pp), pp);

return NULL;
}