[exim-dev] [Bug 2409] New: Callout verification response buf…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2409] New: Callout verification response buffer with non-ASCII characters is returned in the user message
https://bugs.exim.org/show_bug.cgi?id=2409

            Bug ID: 2409
           Summary: Callout verification response buffer with non-ASCII
                    characters is returned in the user message
           Product: Exim
           Version: 4.92
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb@???
          Reporter: bugzilla.exim.simon@???
                CC: exim-dev@???


If a sender verify callout receives non-ASCII characters (e.g. in response to
an initial connection to port 465 but TLS could not be started) then this is
put in addr->user_message unmodified in src/src/verify.c (sx.buffer):

        addr->user_message = options & vopt_is_recipient
          ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
          : string_sprintf("Called:   %s\nSent:     %s\nResponse: %s",
            host->address, big_buffer, sx.buffer);


I think the original reason why this is the unmodified response is because it
could contain multiple lines that should be preserved to make the message
readable.

A variant of string_printing2() that allows newlines as well as tabs is
required to escape this correctly.

--
You are receiving this mail because:
You are on the CC list for the bug.
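
The escaping the report asks for, as an added example that is not part of the original message or of Exim's source. The function name escape_keep_nl_tab is hypothetical and its escape format (octal, doubled backslash) is an assumption, not a copy of string_printing2(); the response bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Exim code. Returns a malloc'd copy of s in which
   newline and tab are kept (so a multi-line SMTP response stays readable),
   printable ASCII is copied, backslash is doubled so the output is
   unambiguous, and every other byte becomes a \ooo octal escape.
   The caller frees the result. */
char *escape_keep_nl_tab(const char *s)
{
    size_t len = strlen(s);
    char *out = malloc(len * 4 + 1);      /* worst case: each byte -> \ooo */
    char *p = out;

    if (out == NULL)
        return NULL;
    for (const unsigned char *c = (const unsigned char *)s; *c != 0; c++) {
        if (*c == '\n' || *c == '\t') {
            *p++ = (char)*c;              /* preserved line structure */
        } else if (*c == '\\') {
            *p++ = '\\';
            *p++ = '\\';
        } else if (*c >= 0x20 && *c < 0x7f) {
            *p++ = (char)*c;              /* printable ASCII */
        } else {
            p += sprintf(p, "\\%03o", (unsigned)*c);
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: binary bytes such as a peer expecting TLS might
       send, followed by two readable lines. */
    const char resp[] = "\x15\x03\x01\x80\xff" "\n550 no such user\n\tline two";
    char *safe = escape_keep_nl_tab(resp);

    if (safe == NULL)
        return 1;
    /* Same layout as the sender-verify branch of the message quoted above;
       the address and command are constructed placeholders. */
    printf("Called:   %s\nSent:     %s\nResponse: %s\n",
           "192.0.2.1", "RCPT TO:<user@example.test>", safe);
    free(safe);
    return 0;
}
```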