From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 9 Mar 2018 16:34:08 +0000 (+0000)
Subject: Extra checks on inbound SMTP stream buffer refill
X-Git-Tag: exim-4_91_RC1~17
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/8b77d27a46e94c347172941fc7a07b17f1e4da25

Extra checks on inbound SMTP stream buffer refill
---

diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index c3b214e84..0c2c87fc3 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -889,7 +889,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) ==
 if (data)
   {
   (void) string_from_gstring(data);
-  store_reset(data->s + data->ptr + 1);
+  gstring_reset_unused(data);
   }
 
 /* Copy the last dn into eldap_dn */
diff --git a/src/src/receive.c b/src/src/receive.c
index b502a381c..6a534dc87 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1034,6 +1034,7 @@ for (;;)
     unsigned len = MAX(chunking_data_left, thismessage_size_limit - message_size + 1);
     uschar * buf = bdat_getbuf(&len);
 
+    if (!buf) return END_EOF;
     message_size += len;
     if (fout && fwrite(buf, len, 1, fout) != 1) return END_WERROR;
     }
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 03dcad73e..a0cc581c2 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -653,7 +653,7 @@ next_cmd:
 	  }
 
       receive_getc = bdat_getc;
-      receive_getbuf = bdat_getbuf;
+      receive_getbuf = bdat_getbuf;	/* r~getbuf is never actually used */
       receive_ungetc = bdat_ungetc;
 #ifndef DISABLE_DKIM
       dkim_collect_input = dkim_save;
@@ -684,7 +684,7 @@ bdat_flush_data(void)
 while (chunking_data_left)
   {
   unsigned n = chunking_data_left;
-  (void) bdat_getbuf(&n);
+  if (!bdat_getbuf(&n)) break;
   }
 
 receive_getc = lwr_receive_getc;
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 6de0f023a..eed8c06dc 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -156,8 +156,8 @@ typedef struct exim_gnutls_state {
   uschar *xfer_buffer;
   int xfer_buffer_lwm;
   int xfer_buffer_hwm;
-  int xfer_eof;
-  int xfer_error;
+  BOOL xfer_eof;	/*XXX never gets set! */
+  BOOL xfer_error;
 } exim_gnutls_state_st;
 
 static const exim_gnutls_state_st exim_gnutls_state_init = {
@@ -198,8 +198,8 @@ static const exim_gnutls_state_st exim_gnutls_state_init = {
   .xfer_buffer =	NULL,
   .xfer_buffer_lwm =	0,
   .xfer_buffer_hwm =	0,
-  .xfer_eof =		0,
-  .xfer_error =		0,
+  .xfer_eof =		FALSE,
+  .xfer_error =		FALSE,
 };
 
 /* Not only do we have our own APIs which don't pass around state, assuming
@@ -2505,7 +2505,7 @@ alarm(0);
 if (sigalrm_seen)
   {
   DEBUG(D_tls) debug_printf("Got tls read timeout\n");
-  state->xfer_error = 1;
+  state->xfer_error = TRUE;
   return FALSE;
   }
 
@@ -2541,7 +2541,7 @@ else if (inbytes == 0)
 else if (inbytes < 0)
   {
   record_io_error(state, (int) inbytes, US"recv", NULL);
-  state->xfer_error = 1;
+  state->xfer_error = TRUE;
   return FALSE;
   }
 #ifndef DISABLE_DKIM
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 8e8f27686..3376dce3f 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2103,7 +2103,7 @@ DEBUG(D_tls)
  */
 if (!ssl_xfer_buffer) ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size);
 ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0;
-ssl_xfer_eof = ssl_xfer_error = 0;
+ssl_xfer_eof = ssl_xfer_error = FALSE;
 
 receive_getc = tls_getc;
 receive_getbuf = tls_getbuf;
@@ -2498,14 +2498,14 @@ else if (error == SSL_ERROR_SSL)
   {
   ERR_error_string(ERR_get_error(), ssl_errstring);
   log_write(0, LOG_MAIN, "TLS error (SSL_read): %s", ssl_errstring);
-  ssl_xfer_error = 1;
+  ssl_xfer_error = TRUE;
   return FALSE;
   }
 
 else if (error != SSL_ERROR_NONE)
   {
   DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
-  ssl_xfer_error = 1;
+  ssl_xfer_error = TRUE;
   return FALSE;
   }
 
diff --git a/src/src/tls.c b/src/src/tls.c
index 121b3d962..f81662065 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -41,8 +41,8 @@ static const int ssl_xfer_buffer_size = 4096;
 static uschar *ssl_xfer_buffer = NULL;
 static int ssl_xfer_buffer_lwm = 0;
 static int ssl_xfer_buffer_hwm = 0;
-static int ssl_xfer_eof = 0;
-static int ssl_xfer_error = 0;
+static int ssl_xfer_eof = FALSE;
+static BOOL ssl_xfer_error = FALSE;
 #endif
 
 uschar *tls_channelbinding_b64 = NULL;
@@ -162,7 +162,7 @@ Returns:       non-zero if the eof flag is set
 int
 tls_feof(void)
 {
-return ssl_xfer_eof;
+return (int)ssl_xfer_eof;
 }
 
 
@@ -184,7 +184,7 @@ Returns:       non-zero if the error flag is set
 int
 tls_ferror(void)
 {
-return ssl_xfer_error;
+return (int)ssl_xfer_error;
 }