Gitweb:
http://git.exim.org/exim.git/commitdiff/f4c1088bb7af23e4b613672230868056d46239a5
Commit: f4c1088bb7af23e4b613672230868056d46239a5
Parent: 60f8e1e888f78e559e718c2e23c1ceb0546779a8
Author: Phil Pennock <pdp@???>
AuthorDate: Wed Jul 31 18:50:04 2013 -0400
Committer: Phil Pennock <pdp@???>
CommitDate: Wed Jul 31 18:50:04 2013 -0400
Fix segfault in stdio with non-SMTP MIME ACL.
When injecting a message locally in non-SMTP mode, and with MIME ACLs
configured, if the ACL rejected the message, Exim would try to
`fprintf(NULL, "%s", the_message)`. This fixes that.
Most ACLs are plumbed in SMTP-only and looking through the others in
receive.c, they all appear to be safely guarded, so it was just this one
that slipped through.
Crash report and assistance tracking down the root cause from Warren
Baker.
---
doc/doc-txt/ChangeLog | 4 ++++
src/ACKNOWLEDGMENTS | 1 +
src/src/receive.c | 5 +++--
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f9a3767..d899010 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -209,6 +209,10 @@ PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
It's SecureTransport, so affects any MacOS clients which use the
system-integrated TLS libraries, including email clients.
+PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
+ using a MIME ACL for non-SMTP local injection.
+ Report and assistance in diagnosis by Warren Baker.
+
Exim version 4.80.1
-------------------
diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS
index 4474de3..0611b1f 100644
--- a/src/ACKNOWLEDGMENTS
+++ b/src/ACKNOWLEDGMENTS
@@ -359,6 +359,7 @@ Simon Arlott Code for outbound SSL-on-connect
Patch fixing NUL term/init of DKIM strings
Patch fixing dnsdb TXT record handling for DKIM
Patch speeding up DomainKeys signing
+Warren Baker Found crash with MIME ACLs in non-SMTP local injection
Dmitry Banschikov Path to check for LDAP TLS initialisation errors
René Berber Pointed out mistake in build instructions for QNX
Johannes Berg Maintained dynamically loadable module code out-of-tree
diff --git a/src/src/receive.c b/src/src/receive.c
index 48c83db..993d149 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1277,9 +1277,10 @@ else if (rc != OK)
#ifdef EXPERIMENTAL_DCC
dcc_ok = 0;
#endif
- if (smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0)
+ if (smtp_input && smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0) {
*smtp_yield_ptr = FALSE; /* No more messsages after dropped connection */
- *smtp_reply_ptr = US""; /* Indicate reply already sent */
+ *smtp_reply_ptr = US""; /* Indicate reply already sent */
+ }
message_id[0] = 0; /* Indicate no message accepted */
return FALSE; /* Cause skip to end of receive function */
}
