CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()

[exim.git] / src / src / acl.c

diff --git a/src/src/acl.c b/src/src/acl.c
index 9fe9e5145a5fbf77982b768a9c741edeb2c72310..7061230b4e6609b0e5143057f27b214537ae37c1 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -4473,7 +4473,8 @@ switch (where)
     /* Drop cutthrough conns, and drop heldopen verify conns if
     the previous was not DATA */
     {
-    uschar prev = smtp_connection_had[smtp_ch_index-2];
+    uschar prev =
+      smtp_connection_had[SMTP_HBUFF_PREV(SMTP_HBUFF_PREV(smtp_ch_index))];
     BOOL dropverify = !(prev == SCH_DATA || prev == SCH_BDAT);
 
     cancel_cutthrough_connection(dropverify, US"quit or conndrop");