git://git.exim.org / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CVE-2020-28007: Link attack in Exim's log directory
[exim.git] / src / src / verify.c
diff --git a/src/src/verify.c b/src/src/verify.c
index fba1f6e9e0a96d80c447a9201bddc00ad563cc38..262a8d76af39ef7ec55247a0b211d554637fcf2a 100644 (file)
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -674,7 +674,7 @@ coding means skipping this whole loop and doing the append separately.  */
     if (!sx) sx = store_get(sizeof(*sx), TRUE);        /* tainted buffers */
     memset(sx, 0, sizeof(*sx));
 
-    sx->addrlist = addr;
+    sx->addrlist = sx->first_addr = addr;
     sx->conn_args.host = host;
     sx->conn_args.host_af = host_af,
     sx->port = port;
@@ -875,12 +875,12 @@ tls_retry_connection:
                    case PENDING_OK:  done = TRUE;
                                      new_address_record.result = ccache_accept;
                                      break;
-                   case FAIL:      done = TRUE;
+                   case FAIL:        done = TRUE;
                                      yield = FAIL;
                                      *failure_ptr = US"recipient";
                                      new_address_record.result = ccache_reject;
                                      break;
-                   default:        break;
+                   default:          break;
                    }
                  break;
 
@@ -1705,7 +1705,8 @@ if (parse_find_at(address) == NULL)
     *failure_ptr = US"qualify";
     return FAIL;
     }
-  address = rewrite_address_qualify(address, options & vopt_is_recipient);
+  /* deconst ok as address was not const */
+  address = US rewrite_address_qualify(address, options & vopt_is_recipient);
   }
 
 DEBUG(D_verify)
@@ -1720,7 +1721,8 @@ may have been set by domains and local part tests during an ACL. */
 if (global_rewrite_rules)
   {
   uschar *old = address;
-  address = rewrite_address(address, options & vopt_is_recipient, FALSE,
+  /* deconst ok as address was not const */
+  address = US rewrite_address(address, options & vopt_is_recipient, FALSE,
     global_rewrite_rules, rewrite_existflags);
   if (address != old)
     {
Master Exim source repository