From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 15 Jul 2015 22:45:39 +0000 (+0100)
Subject: Add check on tls_auth pseudo-command.  Bug 1659
X-Git-Tag: exim-4_86_RC5~1
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/2f460950af2d4379deaa804c43caf24a9fb055a0

Add check on tls_auth pseudo-command.  Bug 1659
---

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2f426ba5e..2c34c2176 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -118,6 +118,9 @@ JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
 JH/35 Bug 1642: Fix support of $spam_ variables at delivery time.  Was
       documented as working, but never had.  Support all but $spam_report.
 
+JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
+      added for tls authenticator.
+
 
 Exim version 4.85
 -----------------
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 476122045..cf0a5d642 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -159,7 +159,10 @@ AUTH is already forbidden. After a TLS session is started, AUTH's flag is again
 forced TRUE, to allow for the re-authentication that can happen at that point.
 
 QUIT is also "falsely" labelled as a mail command so that it doesn't up the
-count of non-mail commands and possibly provoke an error. */
+count of non-mail commands and possibly provoke an error.
+
+tls_auth is a pseudo-command, never expected in input.  It is activated
+on TLS startup and looks for a tls authenticator. */
 
 static smtp_cmd_list cmd_list[] = {
   /* name         len                     cmd     has_arg is_mail_cmd */
@@ -1028,10 +1031,12 @@ for (p = cmd_list; p < cmd_list_end; p++)
       continue;
     }
   #endif
-  if (strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0 &&
-       (smtp_cmd_buffer[p->len-1] == ':' ||   /* "mail from:" or "rcpt to:" */
-        smtp_cmd_buffer[p->len] == 0 ||
-        smtp_cmd_buffer[p->len] == ' '))
+  if (  p->len
+     && strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0
+     && (  smtp_cmd_buffer[p->len-1] == ':'    /* "mail from:" or "rcpt to:" */
+        || smtp_cmd_buffer[p->len] == 0
+	|| smtp_cmd_buffer[p->len] == ' '
+     )  )
     {
     if (smtp_inptr < smtp_inend &&                     /* Outstanding input */
         p->cmd < sync_cmd_limit &&                     /* Command should sync */