git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
[exim.git]
/
src
/
src
/
smtp_in.c
diff --git
a/src/src/smtp_in.c
b/src/src/smtp_in.c
index 1b45f84d9c8244d76f0d42dd12b77c834c86ff67..02075404dc8eb05ab25fdafd9d1ff0280bd07279 100644
(file)
--- a/
src/src/smtp_in.c
+++ b/
src/src/smtp_in.c
@@
-4955,16
+4955,23
@@
while (done <= 0)
DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
(int)chunking_state, chunking_data_left);
DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
(int)chunking_state, chunking_data_left);
+ /* push the current receive_* function on the "stack", and
+ replace them by bdat_getc(), which in turn will use the lwr_receive_*
+ functions to do the dirty work. */
lwr_receive_getc = receive_getc;
lwr_receive_ungetc = receive_ungetc;
lwr_receive_getc = receive_getc;
lwr_receive_ungetc = receive_ungetc;
+
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
+ dot_ends = FALSE;
+
goto DATA_BDAT;
}
case DATA_CMD:
HAD(SCH_DATA);
goto DATA_BDAT;
}
case DATA_CMD:
HAD(SCH_DATA);
+ dot_ends = TRUE;
DATA_BDAT: /* Common code for DATA and BDAT */
if (!discarded && recipients_count <= 0)
DATA_BDAT: /* Common code for DATA and BDAT */
if (!discarded && recipients_count <= 0)