Gitweb:
https://git.exim.org/exim.git/commitdiff/b72f857fb5b9bfe800daf6d08da85f4bff81ce1d
Commit: b72f857fb5b9bfe800daf6d08da85f4bff81ce1d
Parent: cdf0cd2e8fc4273a8c13bb2810a0fe2da16a003c
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Dec 1 16:49:50 2018 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Dec 1 16:49:50 2018 +0000
Harden string-list handling
---
doc/doc-txt/ChangeLog | 4 ++++
src/src/string.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d006d9d..5928181 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -163,6 +163,10 @@ JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048. RHEL 8.0
JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server
side. Previously we would continue as if no SNI had been received.
+JH/36 Harder the handling of string-lists. When a list consisted of a sole
+ "<" character, which should be a list-separator specification, we walked
+ off past the nul-terimation.
+
Exim version 4.91
-----------------
diff --git a/src/src/string.c b/src/src/string.c
index 3320474..2441f9b 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -921,7 +921,7 @@ if (sep <= 0)
if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
{
sep = s[1];
- s += 2;
+ if (*++s) ++s;
while (isspace(*s) && *s != sep) s++;
}
else
