[exim-dev] [Bug 1659] 4.86_RC4 on OpenBSD 5.7 amd64 segfault…

https://bugs.exim.org/show_bug.cgi?id=1659

Git Commit <git@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |git@???

--- Comment #6 from Git Commit <git@???> ---
Git commit:
http://git.exim.org/exim.git/commitdiff/2f460950af2d4379deaa804c43caf24a9fb055a0

commit 2f460950af2d4379deaa804c43caf24a9fb055a0
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jul 15 23:45:39 2015 +0100
Commit:     Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jul 15 23:45:39 2015 +0100

    Add check on tls_auth pseudo-command.  Bug 1659
---
 doc/doc-txt/ChangeLog |  3 +++
 src/src/smtp_in.c     | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2f426ba..2c34c21 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -118,6 +118,9 @@ JH/34 Bug 1648: Fix a memory leak seen with "mailq" and
large queues.
 JH/35 Bug 1642: Fix support of $spam_ variables at delivery time.  Was
       documented as working, but never had.  Support all but $spam_report.

+JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
+      added for tls authenticator.
+

Exim version 4.85
-----------------
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 4761220..cf0a5d6 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -159,7 +159,10 @@ AUTH is already forbidden. After a TLS session is started,
AUTH's flag is again
forced TRUE, to allow for the re-authentication that can happen at that point.

QUIT is also "falsely" labelled as a mail command so that it doesn't up the
-count of non-mail commands and possibly provoke an error. */
+count of non-mail commands and possibly provoke an error.
+
+tls_auth is a pseudo-command, never expected in input. It is activated
+on TLS startup and looks for a tls authenticator. */

 static smtp_cmd_list cmd_list[] = {
   /* name         len                     cmd     has_arg is_mail_cmd */
@@ -1028,10 +1031,12 @@ for (p = cmd_list; p < cmd_list_end; p++)
       continue;
     }
   #endif
-  if (strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0 &&
-       (smtp_cmd_buffer[p->len-1] == ':' ||   /* "mail from:" or "rcpt to:" */
-        smtp_cmd_buffer[p->len] == 0 ||
-        smtp_cmd_buffer[p->len] == ' '))
+  if (  p->len
+     && strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0
+     && (  smtp_cmd_buffer[p->len-1] == ':'    /* "mail from:" or "rcpt to:"
*/
+        || smtp_cmd_buffer[p->len] == 0
+    || smtp_cmd_buffer[p->len] == ' '
+     )  )
     {
     if (smtp_inptr < smtp_inend &&                     /* Outstanding input */
         p->cmd < sync_cmd_limit &&                     /* Command should sync
*/

--
You are receiving this mail because:
You are on the CC list for the bug.