Fix CVE-2019-10149

[exim.git] / src / src / deliver.c
diff --git a/src/src/deliver.c b/src/src/deliver.c

index 5c34b929ca7078fef3d7709df328c6398322cb6d..45cc0723f9203a5bf55aecb06ad6736cc173f387 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -817,7 +817,7 @@ if (LOGGING(tls_certificate_verified) && addr->cipher)
    s = string_append(s, 2, US" CV=",
      testflag(addr, af_cert_verified)
      ?
-#ifdef EXPERIMENTAL_DANE
+#ifdef SUPPORT_DANE
        testflag(addr, af_dane_verified)
      ? "dane"
      :
@@ -1619,7 +1619,7 @@ if (result == OK)
    tls_out.cipher = addr->cipher;
    tls_out.peerdn = addr->peerdn;
    tls_out.ocsp = addr->ocsp;
-# ifdef EXPERIMENTAL_DANE
+# ifdef SUPPORT_DANE
    tls_out.dane_verified = testflag(addr, af_dane_verified);
  # endif
  #endif
@@ -1632,7 +1632,7 @@ if (result == OK)
    tls_out.cipher = NULL;
    tls_out.peerdn = NULL;
    tls_out.ocsp = OCSP_NOT_REQ;
-# ifdef EXPERIMENTAL_DANE
+# ifdef SUPPORT_DANE
    tls_out.dane_verified = FALSE;
  # endif
  #endif
@@ -4785,7 +4785,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
  
        /* The certificate verification status goes into the flags */
        if (tls_out.certificate_verified) setflag(addr, af_cert_verified);
-#ifdef EXPERIMENTAL_DANE
+#ifdef SUPPORT_DANE
        if (tls_out.dane_verified)        setflag(addr, af_dane_verified);
  #endif
  
@@ -4988,7 +4988,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
    if (cutthrough.fd >= 0 && cutthrough.callout_hold_only)
      {
  #ifdef SUPPORT_TLS
-    tls_close(FALSE, FALSE);
+    tls_close(FALSE, TLS_NO_SHUTDOWN);
  #endif
      (void) close(cutthrough.fd);
      release_cutthrough_connection(US"passed to transport proc");
@@ -5555,7 +5555,8 @@ message size. This use of strcpy() is OK because the length id is checked when
  it is obtained from a command line (the -M or -q options), and otherwise it is
  known to be a valid message id. */
  
-Ustrcpy(message_id, id);
+if (id != message_id)
+  Ustrcpy(message_id, id);
  deliver_force = forced;
  return_count = 0;
  message_size = 0;
@@ -6226,17 +6227,23 @@ if (process_recipients != RECIP_IGNORE)
         {
         uschar * save_local =  deliver_localpart;
         const uschar * save_domain = deliver_domain;
+       uschar * addr = new->address, * errmsg = NULL;
+       int start, end, dom;
  
-       deliver_localpart = expand_string(
-                     string_sprintf("${local_part:%s}", new->address));
-       deliver_domain =    expand_string(
-                     string_sprintf("${domain:%s}", new->address));
+       if (!parse_extract_address(addr, &errmsg, &start, &end, &dom, TRUE))
+         log_write(0, LOG_MAIN|LOG_PANIC,
+                "failed to parse address '%.100s': %s\n", addr, errmsg);
+       else
+         {
+         deliver_localpart =
+           string_copyn(addr+start, dom ? (dom-1) - start : end - start);
+         deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS"";
  
-       (void) event_raise(event_action,
-                     US"msg:fail:internal", new->message);
+         event_raise(event_action, US"msg:fail:internal", new->message);
  
-       deliver_localpart = save_local;
-       deliver_domain =    save_domain;
+         deliver_localpart = save_local;
+         deliver_domain = save_domain;
+         }
         }
  #endif
        }