From 091c3f85bf46898ac653a653d6a88ca2882d7de7 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 1 Dec 2018 16:49:50 +0000 Subject: [PATCH] Harden string-list handling --- doc/doc-txt/ChangeLog | 4 ++++ src/src/string.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index da4e1a8a7..2fa08c0a4 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -71,6 +71,10 @@ JH/33 Bug 2338: Fix the cyrus-sasl authenticator to fill in the $authenticated_fail_id variable on authentication failure. Previously it was unset. +JH/36 Harder the handling of string-lists. When a list consisted of a sole + "<" character, which should be a list-separator specification, we walked + off past the nul-terimation. + Exim version 4.91 ----------------- diff --git a/src/src/string.c b/src/src/string.c index 29a87c572..0099ce0d9 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -894,7 +894,7 @@ if (sep <= 0) if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1]))) { sep = s[1]; - s += 2; + if (*++s) ++s; while (isspace(*s) && *s != sep) s++; } else -- 2.30.2