From: Jeremy Harris Date: Sat, 1 Dec 2018 16:49:50 +0000 (+0000) Subject: Harden string-list handling X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/b72f857fb5b9bfe800daf6d08da85f4bff81ce1d Harden string-list handling --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index d006d9dbe..59281817e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -163,6 +163,10 @@ JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048. RHEL 8.0 JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server side. Previously we would continue as if no SNI had been received. +JH/36 Harder the handling of string-lists. When a list consisted of a sole + "<" character, which should be a list-separator specification, we walked + off past the nul-terimation. + Exim version 4.91 ----------------- diff --git a/src/src/string.c b/src/src/string.c index 332047460..2441f9b17 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -921,7 +921,7 @@ if (sep <= 0) if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1]))) { sep = s[1]; - s += 2; + if (*++s) ++s; while (isspace(*s) && *s != sep) s++; } else