author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2020-12-02 22:28:02 +0100 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-04-28 00:40:34 +0200 |
commit | 13f9998ebb937970d1d9d18f205a6e03e14105b4 (patch) | |
tree | c97e761b4164850f3d5eab4b1d92a9a3eec08bd3 | |
parent | 667fb25b8f0dc3fbac57bce4051e345555fa776a (diff) | |
download | exim4-13f9998ebb937970d1d9d18f205a6e03e14105b4.tar.gz |
SECURITY: smtp_out: Leave a clean input buffer, even in case of read error
Credits: Qualys
7/ In src/smtp_out.c, read_response_line(), inblock->ptr is not updated
when -1 is returned. This does not seem to have bad consequences, but is
maybe not the intended behavior.
(cherry picked from commit f7ac5a7d1e817bf60f161e7a1d40b65d66da607f)
-rw-r--r-- | src/src/smtp_out.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index c4c409677..d6dfba52e 100644
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -425,7 +425,7 @@ if (ob->socks_proxy)
 {
 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface, sc->tblock, ob->connect_timeout);
-
+
 if (sock >= 0)
 {
 if (early_data && early_data->data && early_data->len)
@@ -643,7 +643,7 @@ Arguments:
 timelimit deadline for reading the lime, seconds past epoch
 Returns: length of a line that has been put in the buffer
- -1 otherwise, with errno set
+ -1 otherwise, with errno set, and inblock->ptr adjusted
 */
 static int
@@ -684,6 +684,7 @@ for (;;)
 {
 *p = 0; /* Leave malformed line for error message */
 errno = ERRNO_SMTPFORMAT;
+ inblock->ptr = ptr;
 return -1;
 }
 } |
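Review bot: The reworded header comment in the second hunk promises `inblock->ptr adjusted` for every -1 return, but the only assignment this commit adds is on the ERRNO_SMTPFORMAT path in the third hunk, and "adjusted" does not say to what. The remaining -1 returns of read_response_line() and the copy loop that advances `ptr` lie outside the hunks shown, so it is worth confirming they leave inblock->ptr in an equally defined state. The contract could then be stated precisely, e.g. `-1 otherwise, with errno set; inblock->ptr points past the bytes already consumed`. If `ptr` can sit in the middle of the malformed line at this point, the tail of that line stays buffered and a caller that keeps reading would see it as a fresh response line. A short comment on the new assignment such as `/* consumed bytes are not re-read; the rest of the bad line may still be buffered */` would make that visible to callers.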