From: Heiko Schlittermann (HS12-RIPE) Date: Tue, 30 Mar 2021 20:48:06 +0000 (+0200) Subject: SECURITY: Leave a clean smtp_out input buffer even in case of read error X-Git-Tag: exim-4.95-RC0~51^2~9 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/60482d5517a46f8ee1629f58b39e6897b9b27a98 SECURITY: Leave a clean smtp_out input buffer even in case of read error Based on Heiko Schlittermann's commit 54895bc3. This fixes: 7/ In src/smtp_out.c, read_response_line(), inblock->ptr is not updated when -1 is returned. This does not seem to have bad consequences, but is maybe not the intended behavior. (cherry picked from commit 30f5d98786fb4e6ccfdd112fe65c153f0ee34c5f) (cherry picked from commit d600f6c4d0c5d33e3988dfbfee248ff6a1536673) --- diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index eae74da00..f103c2752 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -472,7 +472,7 @@ if (ob->socks_proxy) { int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface, sc->tblock, ob->connect_timeout); - + if (sock >= 0) { if (early_data && early_data->data && early_data->len) @@ -759,6 +759,7 @@ for (;;) /* Get here if there has been some kind of recv() error; errno is set, but we ensure that the result buffer is empty before returning. */ +inblock->ptr = inblock->ptrend = inblock->buffer; *buffer = 0; return -1; }
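Review bot: the change in the hunk at -472, on the line after the socks_sock_connect() call, appears to be whitespace-only and is unrelated to the read-error fix the commit message describes. Consider moving it to a separate cleanup commit so that the SECURITY change and its cherry-picks carry only the functional line.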
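Review bot: in the hunk at -759, the comment directly above the added line still says only that "the result buffer is empty before returning", while the new `inblock->ptr = inblock->ptrend = inblock->buffer;` also resets the input block and drops whatever was buffered in it. Extend the comment to say that both the caller's buffer and the inblock are left empty on the error return, so a later reader does not take the reset as redundant with `*buffer = 0;` and remove it.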