Fix ${readsocket } eol-replacement. Bug 2630

[exim.git] / src / src / expand.c

diff --git a/src/src/expand.c b/src/src/expand.c
index 41860d93bebf6f000bf0a4da6d805afefd17dc0f..9bb30de4f3f8f5514c42f4e0ee13f89684b72c1b 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -4916,7 +4916,7 @@ while (*s)
           {
           expand_string_message =
             string_sprintf("lookup of \"%s\" gave DEFER: %s",
-              string_printing2(key, FALSE), search_error_message);
+              string_printing2(key, SP_TAB), search_error_message);
           goto EXPAND_FAILED;
           }
         if (expand_setup > 0) expand_nmax = expand_setup;
@@ -5330,11 +5330,14 @@ while (*s)
          while ((item = string_nextinlist(&list, &sep, NULL, 0)))
            g = string_append_listele(g, ',', item);
 
-         /* possibly plus an EOL string */
+         /* possibly plus an EOL string.  Process with escapes, to protect
+         from list-processing.  The only current user of eol= in search
+         options is the readsock expansion. */
+
          if (sub_arg[3] && *sub_arg[3])
            g = string_append_listele(g, ',',
-                 string_sprintf("eol=%s", sub_arg[3]));
-
+                 string_sprintf("eol=%s",
+                   string_printing2(sub_arg[3], SP_TAB|SP_SPACE)));
          }
 
        /* Gat a (possibly cached) handle for the connection */
@@ -7589,13 +7592,10 @@ while (*s)
       prescribed by the RFC, if there are characters that need to be encoded */
 
       case EOP_RFC2047:
-        {
-        uschar buffer[2048];
         yield = string_cat(yield,
                            parse_quote_2047(sub, Ustrlen(sub), headers_charset,
-                             buffer, sizeof(buffer), FALSE));
+                             FALSE));
         continue;
-        }
 
       /* RFC 2047 decode */