A latent bug (uninitialised memory referred to by $mime_decoded_filename), uncovered by commit 40c90bca9f7e
+/*
+ * Return open filehandle for combo of path and file.
+ * Side-effect: set mime_decoded_filename, to copy in allocated mem
+ */
static FILE *
mime_get_decode_file(uschar *pname, uschar *fname)
{
static FILE *
mime_get_decode_file(uschar *pname, uschar *fname)
{
-FILE *f = NULL;
-uschar *filename = NULL;
-
- {
- filename = string_sprintf("%s/%s", pname, fname);
- f = modefopen(filename,"wb+",SPOOL_MODE);
- }
+ mime_decoded_filename = string_sprintf("%s/%s", pname, fname);
- f = modefopen(fname,"wb+",SPOOL_MODE);
+ mime_decoded_filename = string_copy(fname);
else if (!fname)
{
int file_nr = 0;
else if (!fname)
{
int file_nr = 0;
- filename = string_sprintf("%s/%s-%05u", pname, message_id, file_nr++);
+ mime_decoded_filename = string_sprintf("%s/%s-%05u", pname, message_id, file_nr++);
/* security break */
if (file_nr >= 1024)
break;
/* security break */
if (file_nr >= 1024)
break;
- result = stat(CS filename, &mystat);
+ result = stat(CS mime_decoded_filename, &mystat);
-
- f = modefopen(filename, "wb+", SPOOL_MODE);
-/* set expansion variable */
-/*XXX ? not set if !pname ? */
-mime_decoded_filename = filename;
-
-return f;
+return modefopen(mime_decoded_filename, "wb+", SPOOL_MODE);
if (!mime_decoded_filename) /* decoding failed */
{
log_write(0, LOG_MAIN,
if (!mime_decoded_filename) /* decoding failed */
{
log_write(0, LOG_MAIN,
- "mime_regex acl condition warning - could not decode RFC822 MIME part to file.");
+ "MIME acl condition warning - could not decode RFC822 MIME part to file.");
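Review bot: `mime_decoded_filename` is now assigned before the open in every branch of `mime_get_decode_file`, so if the final `return modefopen(mime_decoded_filename, "wb+", SPOOL_MODE);` fails, the variable still names a file that was never created. The `if (!mime_decoded_filename) /* decoding failed */` test in the second hunk would then miss that failure, unless a caller outside the visible lines clears the variable. Clearing it on failure keeps the expansion variable and the returned handle in step: `FILE *f = modefopen(mime_decoded_filename, "wb+", SPOOL_MODE);` `if (!f) mime_decoded_filename = NULL;` `return f;`. Separately, the `!fname` branch picks a name with `stat()` and then opens it with "wb+", which truncates whatever is at that path at open time, and after the `file_nr >= 1024` break the last name is opened without being checked at all. The header comment should state that the directory must be writable only by Exim, or the open should be made exclusive. The function body begins and ends outside the visible lines, so the loop structure is inferred.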