Harden plaintext authenticator

author: Jeremy Harris <jgh146exb@wizmail.org> 2019-03-21 19:54:31 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2019-03-21 19:54:31 +0000
commit: f9fc9427579982838daf3e50c1d14b69bf59a43e (patch)
tree: dfac308585b8da8062830dde39d6f162e1f97786
parent: a9f6ab7d420d1ff1389058eb9e7ba3ec5c2ea011 (diff)
download: exim4-f9fc9427579982838daf3e50c1d14b69bf59a43e.tar.gz
2 files changed, 5 insertions, 5 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2085a3b7b..fa8f467e6 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -48,6 +48,10 @@ JH/10 OpenSSL: Fix aggregation of messages.  Previously, when PIPELINING was
       dropped connections and sometimes bounces generated by a peer sending
       to this system.
 
+JH/11 Harden plaintext authenticator against a badly misconfigured client-send
+      string.  Previously it was possible to cause undefined behaviour in a
+      library routine (usually a crash).  Found by "zerons".
+
 
 Exim version 4.92
 -----------------
diff --git a/src/src/auths/get_data.c b/src/src/auths/get_data.c
index 37dcd37cc..efb4d6d8b 100644
--- a/src/src/auths/get_data.c
+++ b/src/src/auths/get_data.c
@@ -174,11 +174,7 @@ for (int i = 0; i < len; i++)
     if (ss[i+1] != '^')
       ss[i] = 0;
     else
-      {
-      i++;
-      len--;
-      memmove(ss + i, ss + i + 1, len - i);
-      }
+      if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
 
 /* The first string is attached to the AUTH command; others are sent
 unembellished. */
author	Jeremy Harris <jgh146exb@wizmail.org>	2019-03-21 19:54:31 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2019-03-21 19:54:31 +0000
commit	f9fc9427579982838daf3e50c1d14b69bf59a43e (patch)
tree	dfac308585b8da8062830dde39d6f162e1f97786
parent	a9f6ab7d420d1ff1389058eb9e7ba3ec5c2ea011 (diff)
download	exim4-f9fc9427579982838daf3e50c1d14b69bf59a43e.tar.gz