diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-12-01 16:49:50 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-12-01 16:49:50 +0000 |
| commit | b72f857fb5b9bfe800daf6d08da85f4bff81ce1d (patch) | |
| tree | e7646e48bcba6309065d54c10e73a8e5929d6dda | |
| parent | cdf0cd2e8fc4273a8c13bb2810a0fe2da16a003c (diff) | |
| download | exim4-b72f857fb5b9bfe800daf6d08da85f4bff81ce1d.tar.gz | |
Harden string-list handling
| -rw-r--r-- | doc/doc-txt/ChangeLog | 4 | ||||
| -rw-r--r-- | src/src/string.c | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index d006d9dbe..59281817e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -163,6 +163,10 @@ JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048. RHEL 8.0 JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server side. Previously we would continue as if no SNI had been received. +JH/36 Harder the handling of string-lists. When a list consisted of a sole + "<" character, which should be a list-separator specification, we walked + off past the nul-terimation. + Exim version 4.91 ----------------- diff --git a/src/src/string.c b/src/src/string.c index 332047460..2441f9b17 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -921,7 +921,7 @@ if (sep <= 0) if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1]))) { sep = s[1]; - s += 2; + if (*++s) ++s; while (isspace(*s) && *s != sep) s++; } else |