Check localhost_number expansion for failure.

Avoids NULL dereference.
Report and patch from Alun Jones.

Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.

fixes bug 1122

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 55cde6dcffa16fcb1a69e6fcdc808af61302265d..80e8edf97a51b2dca6392b5f5f921047c3f664fc 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,9 @@ PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
       Also option tls_sni on SMTP Transports.  Also clear $tls_bits correctly
       before an outbound SMTP session.  New log_selector, +tls_sni.
 
+PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
+      NULL dereference.  Report and patch from Alun Jones.
+
 
 Exim version 4.77
 -----------------

diff --git a/src/src/acl.c b/src/src/acl.c
index 3cafd818419c8e4e490f03bce92046e136967414..b93ac6965ab1b95e17241c3834bd0dd9a0e76d5f 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2093,7 +2093,7 @@ uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
 va_start(ap, format);
 if (!string_vformat(buffer, sizeof(buffer), format, ap))
   log_write(0, LOG_MAIN|LOG_PANIC_DIE,
-    "string_sprintf expansion was longer than %ld", sizeof(buffer));
+    "string_sprintf expansion was longer than " SIZE_T_FMT, sizeof(buffer));
 va_end(ap);
 *log_msgptr = string_sprintf(
   "error in arguments to \"ratelimit\" condition: %s", buffer);

diff --git a/src/src/readconf.c b/src/src/readconf.c
index c62235916328e62ff46f5ad3f24359389cb325be..b35811e4869b322c283879ac8521958c58587d2d 100644 (file)
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -520,7 +520,7 @@ while (isalnum(*s) || *s == '_')
   {
   if (namelen >= sizeof(name) - 1)
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
-      "macro name too long (maximum is %d characters)", sizeof(name) - 1);
+      "macro name too long (maximum is " SIZE_T_FMT " characters)", sizeof(name) - 1);
   name[namelen++] = *s++;
   }
 name[namelen] = 0;
@@ -3189,9 +3189,14 @@ so as to ensure that everything else is set up before the expansion. */
 
 if (host_number_string != NULL)
   {
+  long int n;
   uschar *end;
   uschar *s = expand_string(host_number_string);
-  long int n = Ustrtol(s, &end, 0);
+  if (s == NULL)
+    log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+        "failed to expand localhost_number \"%s\": %s",
+        host_number_string, expand_string_message);
+  n = Ustrtol(s, &end, 0);
   while (isspace(*end)) end++;
   if (*end != 0)
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
@@ -3607,7 +3612,7 @@ else if (strncmpic(pp, US"tls_required", p - pp) == 0)
   *basic_errno = ERRNO_TLSREQUIRED;
 
 else if (len != 1 || Ustrncmp(pp, "*", 1) != 0)
-  return string_sprintf("unknown or malformed retry error \"%.*s\"", p-pp, pp);
+  return string_sprintf("unknown or malformed retry error \"%.*s\"", (int) (p-pp), pp);
 
 return NULL;
 }