From: Jeremy Harris Date: Tue, 12 Feb 2019 16:52:51 +0000 (+0000) Subject: Fix transport buffer size handling X-Git-Tag: exim-4.93-RC0~280 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/05bf16f6217e93594929c8bbbbbc852caf3ed374?hp=578277764faad1d6277debfe79b54c3cce2b583e Fix transport buffer size handling Broken-by: 59932f7dcd --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9313c7b28..18db733aa 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -22,6 +22,9 @@ JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. +JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible + buffer overrun for (non-chunking) other transports. + Exim version 4.92 ----------------- diff --git a/src/src/transport.c b/src/src/transport.c index 0fa90cb04..f34db0914 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -1108,13 +1108,13 @@ DEBUG(D_transport) if (!(tctx->options & topt_no_body)) { - int size = size_limit; + unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX; nl_check_length = abs(nl_check_length); nl_partial_match = 0; if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0) return FALSE; - while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0 + while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0 && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0) { if (!write_chunk(tctx, deliver_in_buffer, len))