CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()

[exim.git] / src / src / smtp_in.c

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 258ec03e4d03e78890e8a5aa2cd85a5e2adf31f7..e57059a510a5cdda065ed7441714fa6e04fceb9e 100644 (file)
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -5364,10 +5364,10 @@ while (done <= 0)
          }
        if (f.smtp_in_pipelining_advertised && last_was_rcpt)
          smtp_printf("503 Valid RCPT command must precede %s\r\n", FALSE,
-           smtp_names[smtp_connection_had[smtp_ch_index-1]]);
+           smtp_names[smtp_connection_had[SMTP_HBUFF_PREV(smtp_ch_index)]]);
        else
          done = synprot_error(L_smtp_protocol_error, 503, NULL,
-           smtp_connection_had[smtp_ch_index-1] == SCH_DATA
+           smtp_connection_had[SMTP_HBUFF_PREV(smtp_ch_index)] == SCH_DATA
            ? US"valid RCPT command must precede DATA"
            : US"valid RCPT command must precede BDAT");