SECURITY: Leave a clean smtp_out input buffer even in case of read error

[exim.git] / src / src / smtp_out.c

diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index 2b03c03f3e76eacd23bcddd3651b5ae50cb81526..f103c2752ebd76c23dbec4e704ea6be2e4525a78 100644 (file)
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -659,8 +659,9 @@ if (format)
     while (*p) *p++ = '*';
     }
 
-  HDEBUG(D_transport|D_acl|D_v)
-    debug_printf_indent("  SMTP%c> %s\n", ">+|"[mode], big_buffer);
+  HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("  SMTP%c> %s\n",
+    mode == SCMD_BUFFER ? '|' : mode == SCMD_MORE ? '+' : '>',
+    big_buffer);
   }
 
 if (mode != SCMD_BUFFER)
@@ -691,7 +692,7 @@ Arguments:
   timelimit deadline for reading the lime, seconds past epoch
 
 Returns:    length of a line that has been put in the buffer
-            -1 otherwise, with errno set
+            -1 otherwise, with errno set, and inblock->ptr adjusted
 */
 
 static int
@@ -732,6 +733,7 @@ for (;;)
       {
       *p = 0;                     /* Leave malformed line for error message */
       errno = ERRNO_SMTPFORMAT;
+      inblock->ptr = ptr;
       return -1;
       }
     }
@@ -757,6 +759,7 @@ for (;;)
 /* Get here if there has been some kind of recv() error; errno is set, but we
 ensure that the result buffer is empty before returning. */
 
+inblock->ptr = inblock->ptrend = inblock->buffer;
 *buffer = 0;
 return -1;
 }