Gitweb:
https://git.exim.org/exim.git/commitdiff/0f9c36e64b3ded09b1972515fc62a673e1be2b8d
Commit: 0f9c36e64b3ded09b1972515fc62a673e1be2b8d
Parent: 978d20c05940889f38b35fb3f6137f53dab24f48
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Tue May 5 18:47:29 2020 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Tue May 5 18:47:29 2020 +0100
Ensure lookup-result variables are dropped between messages on a connection
---
doc/doc-txt/ChangeLog | 5 ++++
src/src/exim.c | 4 +++
src/src/smtp_in.c | 3 +-
test/aux-fixed/0623.list | 4 +++
test/confs/0623 | 23 ++++++++++++++++
test/log/0623 | 6 ++++
test/scripts/0000-Basic/0623 | 57 ++++++++++++++++++++++++++++++++++++++
test/stderr/0623 | 29 ++++++++++++++++++++
test/stdout/0623 | 65 ++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 195 insertions(+), 1 deletion(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9fd526b..1d685a1 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -179,6 +179,11 @@ JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present
JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now
the default. See the (new) dkim_verify_min_keysizes option.
+JH/40 Fix a memory-handling bug: when a connection carried multiple messages
+ and an ACL use a lookup for checking either the local_part or domain,
+ stale data could be accessed. Ensure that variable references are
+ dropped between messages.
+
Exim version 4.93
-----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index 6bc95d2..920e9e2 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -5115,6 +5115,8 @@ if (host_checking)
deliver_localpart_orig = NULL;
deliver_domain_orig = NULL;
callout_address = sending_ip_address = NULL;
+ deliver_localpart_data = deliver_domain_data =
+ recipient_data = sender_data = NULL;
sender_rate = sender_rate_limit = sender_rate_period = NULL;
}
smtp_log_no_mail();
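Review bot: The reset `deliver_localpart_data = deliver_domain_data = recipient_data = sender_data = NULL;` is now written out at three sites (here in the host_checking branch, again after `moreloop:`, and in the smtp_in.c hunk) with no comment saying why. The next lookup-result variable added could easily be cleared at one site and missed at another. Going by the ChangeLog entry, these pointers can otherwise reference stale data from the previous message, so I would say that at each site, e.g. `/* lookup results must not outlive the message they were looked up for */`, and consider one small shared helper that all three sites call. Both exim.c sites sit in code that starts and ends outside the hunks shown.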
@@ -5767,6 +5769,8 @@ moreloop:
#endif
callout_address = NULL;
sending_ip_address = NULL;
+ deliver_localpart_data = deliver_domain_data =
+ recipient_data = sender_data = NULL;
acl_var_m = NULL;
for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index d72adc1..b3d1acb 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2056,7 +2056,8 @@ f.active_local_from_check = local_from_check; /* Can be set by ACL */
f.active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
sending_ip_address = NULL;
return_path = sender_address = NULL;
-sender_data = NULL; /* Can be set by ACL */
+deliver_localpart_data = deliver_domain_data =
+recipient_data = sender_data = NULL; /* Can be set by ACL */
deliver_localpart_parent = deliver_localpart_orig = NULL;
deliver_domain_parent = deliver_domain_orig = NULL;
callout_address = NULL;
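Review bot: The trailing `/* Can be set by ACL */` was written for `sender_data` alone and now hangs off the second line of a four-variable chained assignment, so it is unclear which variables it describes, and the reason for the reset is still not stated. I would reword it to something like `/* Lookup results, can be set by ACL; drop so the next message cannot see the previous one's */`. The enclosing function starts and ends outside the hunk.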
diff --git a/test/aux-fixed/0623.list b/test/aux-fixed/0623.list
new file mode 100644
index 0000000..737a751
--- /dev/null
+++ b/test/aux-fixed/0623.list
@@ -0,0 +1,4 @@
+fred: yes
+jim: him also
+good1.ex: yup
+good2.ex: ok
diff --git a/test/confs/0623 b/test/confs/0623
new file mode 100644
index 0000000..7ac0ad3
--- /dev/null
+++ b/test/confs/0623
@@ -0,0 +1,23 @@
+# Exim test configuration 0623
+
+.include DIR/aux-var/std_conf_prefix
+
+
+# ----- Main settings -----
+
+domainlist local_domains = @
+
+acl_smtp_rcpt = chk_rcpt
+
+queue_only
+
+
+# ----- ACL -----
+
+begin acl
+
+chk_rcpt:
+ accept local_parts = lsearch;DIR/aux-fixed/TESTNUM.list
+ domains = lsearch;DIR/aux-fixed/TESTNUM.list
+
+# End
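Review bot: `chk_rcpt` has only `local_parts` and `domains` conditions, so of the four pointers the commit clears, only the local-part and domain lookup results are ever populated by this test; `sender_data` and `recipient_data` are never set. The ACL also never expands a lookup-result variable in the second transaction, so, as far as this config shows, the test can only catch a regression through a crash or a memory checker, not through a stale value appearing in the output. Adding a `senders = lsearch;...` condition, plus a `warn` with `logwrite` that prints `$local_part_data`, `$domain_data` and `$sender_data` before the lookups run, would make a regression visible in the expected log.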
diff --git a/test/log/0623 b/test/log/0623
new file mode 100644
index 0000000..c84f874
--- /dev/null
+++ b/test/log/0623
@@ -0,0 +1,6 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local-smtp S=sss
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= a@??? H=(tester) [127.0.0.1] P=smtp S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= b@??? H=(tester) [127.0.0.1] P=smtp S=sss
diff --git a/test/scripts/0000-Basic/0623 b/test/scripts/0000-Basic/0623
new file mode 100644
index 0000000..d43d13c
--- /dev/null
+++ b/test/scripts/0000-Basic/0623
@@ -0,0 +1,57 @@
+# free of local_part_data, domain_data, sender_data
+#
+exim -bh 99.99.99.99
+HELO tester
+MAIL FROM:<a@???>
+RCPT TO:<fred@???>
+DATA
+.
+RSET
+MAIL FROM:<b@???>
+RCPT TO:<jim@???>
+DATA
+.
+QUIT
+****
+#
+#
+exim -bd -DSERVER=server -oX PORT_D
+****
+client 127.0.0.1 PORT_D
+??? 220
+HELO tester
+??? 250
+MAIL FROM:<a@???>
+??? 250
+RCPT TO:<fred@???>
+??? 250
+DATA
+??? 354
+.
+??? 250
+RSET
+??? 250
+MAIL FROM:<b@???>
+??? 250
+RCPT TO:<jim@???>
+??? 250
+DATA
+??? 354
+.
+??? 250
+QUIT
+****
+killdaemon
+#
+#
+exim -bs
+HELO tester
+MAIL FROM:<a@???>
+RCPT TO:<fred@???>
+DATA
+.
+QUIT
+****
+#
+#
+no_msglog_check
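Review bot: The header comment `# free of local_part_data, domain_data, sender_data` does not match what the commit clears, which also includes `recipient_data`; I would list all four variables. The `exim -bs` case sends a single message before `QUIT`, unlike the `-bh` and daemon cases, which send two messages separated by `RSET`. If the `-bs` case is meant to cover the between-message reset in exim.c, it presumably needs a second MAIL/RCPT/DATA on the same session; otherwise a one-line comment saying what that case checks would help.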
diff --git a/test/stderr/0623 b/test/stderr/0623
new file mode 100644
index 0000000..21ac5f2
--- /dev/null
+++ b/test/stderr/0623
@@ -0,0 +1,29 @@
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> tester in helo_lookup_domains? no (end of list)
+>>> using ACL "chk_rcpt"
+>>> processing "accept" (TESTSUITE/test-config 20)
+>>> check local_parts = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> fred in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> check domains = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> good1.ex in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> accept: condition test succeeded in ACL "chk_rcpt"
+>>> end of ACL "chk_rcpt": ACCEPT
+LOG: 10HmbA-0005vi-00 <= a@??? H=(tester) [99.99.99.99] P=smtp S=sss
+>>> using ACL "chk_rcpt"
+>>> processing "accept" (TESTSUITE/test-config 20)
+>>> check local_parts = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> jim in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> check domains = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> good2.ex in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> accept: condition test succeeded in ACL "chk_rcpt"
+>>> end of ACL "chk_rcpt": ACCEPT
+LOG: 10HmbB-0005vi-00 <= b@??? H=(tester) [99.99.99.99] P=smtp S=sss
+
+******** SERVER ********
diff --git a/test/stdout/0623 b/test/stdout/0623
new file mode 100644
index 0000000..27103d9
--- /dev/null
+++ b/test/stdout/0623
@@ -0,0 +1,65 @@
+
+**** SMTP testing session as if from host 99.99.99.99
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 the.local.host.name Hello tester [99.99.99.99]
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmbA-0005vi-00
+
+**** SMTP testing: that is not a real message id!
+
+250 Reset OK
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmbB-0005vi-00
+
+**** SMTP testing: that is not a real message id!
+
+221 the.local.host.name closing connection
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> HELO tester
+??? 250
+<<< 250 the.local.host.name Hello tester [127.0.0.1]
+>>> MAIL FROM:<a@???>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<fred@???>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> .
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> RSET
+??? 250
+<<< 250 Reset OK
+>>> MAIL FROM:<b@???>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<jim@???>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> .
+??? 250
+<<< 250 OK id=10HmaZ-0005vi-00
+>>> QUIT
+End of script
+220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 the.local.host.name Hello CALLER at tester
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmaX-0005vi-00
+221 the.local.host.name closing connection