diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-07-15 23:45:39 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-07-15 23:45:39 +0100 |
| commit | 2f460950af2d4379deaa804c43caf24a9fb055a0 (patch) | |
| tree | bf77d943fc274855befefd29c22fb2fb4202d1fc | |
| parent | a2b89db142e91c52edc890da5af33266577a3f67 (diff) | |
Add check on tls_auth pseudo-command. Bug 1659
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
| -rw-r--r-- | src/src/smtp_in.c | 15 |
2 files changed, 13 insertions, 5 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2f426ba5e..2c34c2176 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -118,6 +118,9 @@ JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues. JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was documented as working, but never had. Support all but $spam_report. +JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command + added for tls authenticator. + Exim version 4.85 ----------------- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 476122045..cf0a5d642 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -159,7 +159,10 @@ AUTH is already forbidden. After a TLS session is started, AUTH's flag is again forced TRUE, to allow for the re-authentication that can happen at that point. QUIT is also "falsely" labelled as a mail command so that it doesn't up the -count of non-mail commands and possibly provoke an error. */ +count of non-mail commands and possibly provoke an error. + +tls_auth is a pseudo-command, never expected in input. It is activated +on TLS startup and looks for a tls authenticator. */ static smtp_cmd_list cmd_list[] = { /* name len cmd has_arg is_mail_cmd */ @@ -1028,10 +1031,12 @@ for (p = cmd_list; p < cmd_list_end; p++) continue; } #endif - if (strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0 && - (smtp_cmd_buffer[p->len-1] == ':' || /* "mail from:" or "rcpt to:" */ - smtp_cmd_buffer[p->len] == 0 || - smtp_cmd_buffer[p->len] == ' ')) + if ( p->len + && strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0 + && ( smtp_cmd_buffer[p->len-1] == ':' /* "mail from:" or "rcpt to:" */ + || smtp_cmd_buffer[p->len] == 0 + || smtp_cmd_buffer[p->len] == ' ' + ) ) { if (smtp_inptr < smtp_inend && /* Outstanding input */ p->cmd < sync_cmd_limit && /* Command should sync */ |