string.c: do not interpret '\\' before '\0' (CVE-2019-15846)

[exim.git] / src / src / string.c

diff --git a/src/src/string.c b/src/src/string.c
index 288466113fe860303f72b8cdecfc31b13c2e45fb..a954396512723624ff777e457789e84f9dfd1641 100644 (file)
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -223,6 +223,8 @@ interpreted in strings.
 Arguments:
   pp       points a pointer to the initiating "\" in the string;
            the pointer gets updated to point to the final character
+           If the backslash is the last character in the string, it
+           is not interpreted.
 Returns:   the value of the character escape
 */
 
@@ -235,6 +237,7 @@ const uschar *hex_digits= CUS"0123456789abcdef";
 int ch;
 const uschar *p = *pp;
 ch = *(++p);
+if (ch == '\0') return **pp;
 if (isdigit(ch) && ch != '8' && ch != '9')
   {
   ch -= '0';
@@ -1138,8 +1141,8 @@ memcpy(g->s + p, s, count);
 g->ptr = p + count;
 return g;
 }
- 
- 
+
+
 gstring *
 string_cat(gstring *string, const uschar *s)
 {