From c71f869820b45b911cc8edbd0de88bbc9621fd5f Mon Sep 17 00:00:00 2001 From: Peter Benie Date: Thu, 14 Mar 2024 16:11:14 +0000 Subject: [PATCH] Rewrites: fix delivery crash from constant errors_to. Bug 3081 Broken-by: 753739fdef6d --- doc/doc-txt/ChangeLog | 7 ++++++- src/src/rewrite.c | 12 +++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 20dcd1348..3dc0e5512 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -120,6 +120,11 @@ JH/22 The ESMTP_LIMITS facility (RFC 9422) is promoted from experimental status JH/23 Bug 3066: Avoid leaking lookup database credentials to log. +JH/24 Bug 3081: Fix a delivery process crash. When the router "errors_to" + option specified a fixed address, later rewriting on that address would + trip on the configuration data being readonly. Instead of modifying + in-place, copy data. Found and fixed by Peter Benie. + Exim version 4.97 ----------------- @@ -695,7 +700,7 @@ JH/44 Bug 2701: Fix list-expansion of dns_ipv4_lookup. Previously, it did mx_fail_domains. JH/45 Use a (new) separate store pool-pair for DKIM verify working data. - Previously the permanent pool was used, so the sore could not be freed. + Previously the permanent pool was used, so the store could not be freed. This meant a connection with many messages would use continually-growing memory. diff --git a/src/src/rewrite.c b/src/src/rewrite.c index 70bd79e26..9ee5a6794 100644 --- a/src/src/rewrite.c +++ b/src/src/rewrite.c @@ -104,7 +104,7 @@ rewrite_one(const uschar *s, int flag, BOOL *whole, BOOL add_header, uschar *nam { const uschar *yield = s; const uschar *subject = s; -uschar *domain = NULL; +const uschar *domain = NULL; BOOL done = FALSE; int rule_number = 1; int yield_start = 0, yield_end = 0; @@ -158,7 +158,7 @@ for (rewrite_rule * rule = rewrite_rules; else { - if (!domain) domain = Ustrrchr(subject, '@') + 1; + if (!domain) domain = CUstrrchr(subject, '@') + 1; /* Use the general function for matching an address against a list (here just one item, so use the "impossible value" separator UCHAR_MAX+1). */ @@ -182,16 +182,14 @@ for (rewrite_rule * rule = rewrite_rules; save_domain = deliver_domain; /* We have subject pointing to "localpart@domain" and domain pointing to - the domain. Temporarily terminate the local part so that it can be - set up as an expansion variable */ + the domain. Split into local part and domain so that it can be set up as + an expansion variable */ - domain[-1] = 0; - deliver_localpart = US subject; + deliver_localpart = US string_copyn(subject, domain-subject-1); deliver_domain = domain; new = expand_string(rule->replacement); - domain[-1] = '@'; deliver_localpart = save_localpart; deliver_domain = save_domain; } -- 2.30.2