git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
[exim.git]
/
src
/
src
/
string.c
diff --git
a/src/src/string.c
b/src/src/string.c
index 5e48b445cd27fd3d0a314fc46b9822529e95aa0a..c6549bf933ebcd796a31ece61d8cb5f861de637b 100644
(file)
--- a/
src/src/string.c
+++ b/
src/src/string.c
@@
-224,6
+224,8
@@
interpreted in strings.
Arguments:
pp points a pointer to the initiating "\" in the string;
the pointer gets updated to point to the final character
Arguments:
pp points a pointer to the initiating "\" in the string;
the pointer gets updated to point to the final character
+ If the backslash is the last character in the string, it
+ is not interpreted.
Returns: the value of the character escape
*/
Returns: the value of the character escape
*/
@@
-236,6
+238,7
@@
const uschar *hex_digits= CUS"0123456789abcdef";
int ch;
const uschar *p = *pp;
ch = *(++p);
int ch;
const uschar *p = *pp;
ch = *(++p);
+if (ch == '\0') return **pp;
if (isdigit(ch) && ch != '8' && ch != '9')
{
ch -= '0';
if (isdigit(ch) && ch != '8' && ch != '9')
{
ch -= '0';
@@
-1210,8
+1213,8
@@
memcpy(g->s + p, s, count);
g->ptr = p + count;
return g;
}
g->ptr = p + count;
return g;
}
-
-
+
+
gstring *
string_cat(gstring *string, const uschar *s)
{
gstring *
string_cat(gstring *string, const uschar *s)
{