Harden string-list handling

author Jeremy Harris <jgh146exb@wizmail.org>

Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)

committer Jeremy Harris <jgh146exb@wizmail.org>

Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)
author Jeremy Harris <jgh146exb@wizmail.org>
Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)
committer Jeremy Harris <jgh146exb@wizmail.org>
Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog

index d006d9dbe3d753db638e5b8d782e2dd73df3cde1..59281817e64f10fe897f698e34851629249f4d18 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -163,6 +163,10 @@ JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048.  RHEL 8.0
  JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server
        side.  Previously we would continue as if no SNI had been received.
  
+JH/36 Harder the handling of string-lists.  When a list consisted of a sole
+      "<" character, which should be a list-separator specification, we walked
+      off past the nul-terimation.
+
  
  Exim version 4.91
  -----------------
diff --git a/src/src/string.c b/src/src/string.c

index 332047460de282a3f0c68d20c577482ec2c981e3..2441f9b17a4c66df5783b166bf96f814556845c4 100644 (file)
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -921,7 +921,7 @@ if (sep <= 0)
    if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
      {
      sep = s[1];
-    s += 2;
+    if (*++s) ++s;
      while (isspace(*s) && *s != sep) s++;
      }
    else
author	Jeremy Harris <jgh146exb@wizmail.org>
	Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)
doc/doc-txt/ChangeLog		patch \| blob \| history
src/src/string.c		patch \| blob \| history