Gitweb:
https://git.exim.org/exim.git/commitdiff/da140cebadf56aeb3e2956ad4e317b0f9619a9e6
Commit: da140cebadf56aeb3e2956ad4e317b0f9619a9e6
Parent: 873db3a8000c99e3f0d0a62bb9f70672e1268047
Author: Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Wed Dec 2 22:28:02 2020 +0100
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:40 2021 +0200
SECURITY: smtp_out: Leave a clean input buffer, even in case of read error
Credits: Qualys
7/ In src/smtp_out.c, read_response_line(), inblock->ptr is not updated
when -1 is returned. This does not seem to have bad consequences, but is
maybe not the intended behavior.
(cherry picked from commit f7ac5a7d1e817bf60f161e7a1d40b65d66da607f)
(cherry picked from commit 13f9998ebb937970d1d9d18f205a6e03e14105b4)
---
src/src/smtp_out.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index 2a44974..eae74da 100644
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -472,7 +472,7 @@ if (ob->socks_proxy)
{
int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
sc->tblock, ob->connect_timeout);
-
+
if (sock >= 0)
{
if (early_data && early_data->data && early_data->len)
@@ -692,7 +692,7 @@ Arguments:
timelimit deadline for reading the lime, seconds past epoch
Returns: length of a line that has been put in the buffer
- -1 otherwise, with errno set
+ -1 otherwise, with errno set, and inblock->ptr adjusted
*/
static int
@@ -733,6 +733,7 @@ for (;;)
{
*p = 0; /* Leave malformed line for error message */
errno = ERRNO_SMTPFORMAT;
+ inblock->ptr = ptr;
return -1;
}
}
