Patch for "vacation" bug in Sieve handling.
authorPhilip Hazel <ph10@hermes.cam.ac.uk>
Thu, 17 Feb 2005 09:49:08 +0000 (09:49 +0000)
committerPhilip Hazel <ph10@hermes.cam.ac.uk>
Thu, 17 Feb 2005 09:49:08 +0000 (09:49 +0000)
doc/doc-txt/ChangeLog
src/src/sieve.c

index b01485f83c49786c3b11d515ffddd162463cc3fe..024f6a5c3d4a87641399f8251fb8e9e89029a50c 100644 (file)
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.81 2005/02/16 16:40:22 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.82 2005/02/17 09:49:08 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -386,6 +386,9 @@ Exim version 4.50
 
 82. Updated OS/Makefile-AIX as per message from Mike Meredith.
 
 
 82. Updated OS/Makefile-AIX as per message from Mike Meredith.
 
+83. Patch from Sieve maintainer to fix unterminated string problem in
+    "vacation" handling.
+
 
 ----------------------------------------------------
 See the note above about the 4.44 and 4.50 releases.
 
 ----------------------------------------------------
 See the note above about the 4.44 and 4.50 releases.
index b5053c796cb2d6198b22f5a4071bb961396da570..22bc64fd7a50ec9976fb86279b2c921357726b6e 100644 (file)
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/sieve.c,v 1.5 2005/02/15 15:48:46 ph10 Exp $ */
+/* $Cambridge: exim/src/src/sieve.c,v 1.6 2005/02/17 09:49:08 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -2486,6 +2486,7 @@ while (*filter->pc)
         start=capacity;
         once=string_cat(filter->vacation_directory,&capacity,&start,US"/",1);
         once=string_cat(once,&capacity,&start,hexdigest,33);
         start=capacity;
         once=string_cat(filter->vacation_directory,&capacity,&start,US"/",1);
         once=string_cat(once,&capacity,&start,hexdigest,33);
+        once[start] = '\0';
 
         /* process subject */
 
 
         /* process subject */
 
@@ -2541,10 +2542,13 @@ while (*filter->pc)
           capacity = 0;
           start = 0;
           addr->reply->headers = string_cat(NULL,&capacity,&start,reason.character,mime_body-reason.character);
           capacity = 0;
           start = 0;
           addr->reply->headers = string_cat(NULL,&capacity,&start,reason.character,mime_body-reason.character);
+          addr->reply->headers[start] = '\0';
           capacity = 0;
           start = 0;
           capacity = 0;
           start = 0;
-          if (mime_body<reason_end) mime_body+=sizeof(nlnl)-1;
+          if (mime_body+(sizeof(nlnl)-1)<reason_end) mime_body+=sizeof(nlnl)-1;
+          else mime_body=reason_end-1;
           addr->reply->text = string_cat(NULL,&capacity,&start,mime_body,reason_end-mime_body);
           addr->reply->text = string_cat(NULL,&capacity,&start,mime_body,reason_end-mime_body);
+          addr->reply->text[start] = '\0';
           }
         else
           {
           }
         else
           {