[exim-cvs] SECURITY: smtp_out: Leave a clean input buffer, …

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] SECURITY: smtp_out: Leave a clean input buffer, even in case of read error
Gitweb: https://git.exim.org/exim.git/commitdiff/da140cebadf56aeb3e2956ad4e317b0f9619a9e6
Commit:     da140cebadf56aeb3e2956ad4e317b0f9619a9e6
Parent:     873db3a8000c99e3f0d0a62bb9f70672e1268047
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Wed Dec 2 22:28:02 2020 +0100
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:40 2021 +0200


    SECURITY: smtp_out: Leave a clean input buffer, even in case of read error


    Credits: Qualys


      7/ In src/smtp_out.c, read_response_line(), inblock->ptr is not updated
      when -1 is returned. This does not seem to have bad consequences, but is
      maybe not the intended behavior.


    (cherry picked from commit f7ac5a7d1e817bf60f161e7a1d40b65d66da607f)
    (cherry picked from commit 13f9998ebb937970d1d9d18f205a6e03e14105b4)
---
 src/src/smtp_out.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)


diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index 2a44974..eae74da 100644
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -472,7 +472,7 @@ if (ob->socks_proxy)
   {
   int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
                 sc->tblock, ob->connect_timeout);
-  
+
   if (sock >= 0)
     {
     if (early_data && early_data->data && early_data->len)
@@ -692,7 +692,7 @@ Arguments:
   timelimit deadline for reading the lime, seconds past epoch


 Returns:    length of a line that has been put in the buffer
-            -1 otherwise, with errno set
+            -1 otherwise, with errno set, and inblock->ptr adjusted
 */


 static int
@@ -733,6 +733,7 @@ for (;;)
       {
       *p = 0;                     /* Leave malformed line for error message */
       errno = ERRNO_SMTPFORMAT;
+      inblock->ptr = ptr;
       return -1;
       }
     }