git://git.exim.org / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6f97d82)
SECURITY: Leave a clean smtp_out input buffer even in case of read error
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 30 Mar 2021 20:48:06 +0000 (22:48 +0200)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Thu, 27 May 2021 19:30:55 +0000 (21:30 +0200)
Based on Heiko Schlittermann's commit 54895bc3. This fixes:

7/ In src/smtp_out.c, read_response_line(), inblock->ptr is not updated
when -1 is returned. This does not seem to have bad consequences, but is
maybe not the intended behavior.

(cherry picked from commit 30f5d98786fb4e6ccfdd112fe65c153f0ee34c5f)
(cherry picked from commit d600f6c4d0c5d33e3988dfbfee248ff6a1536673)

src/src/smtp_out.c patch | blob | history

diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index eae74da00fedb3a1e6811103821c4d9e94d7052f..f103c2752ebd76c23dbec4e704ea6be2e4525a78 100644 (file)
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -472,7 +472,7 @@ if (ob->socks_proxy)
   {
   int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
                                sc->tblock, ob->connect_timeout);
-
+  
   if (sock >= 0)
     {
     if (early_data && early_data->data && early_data->len)
@@ -759,6 +759,7 @@ for (;;)
 /* Get here if there has been some kind of recv() error; errno is set, but we
 ensure that the result buffer is empty before returning. */
 
+inblock->ptr = inblock->ptrend = inblock->buffer;
 *buffer = 0;
 return -1;
 }
Master Exim source repository