Fix variable initialisation in smtp transport. Bug 2996

2 files changed, 9 insertions, 1 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d29ba6f65..09b4d3a60 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -125,6 +125,14 @@ JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
 JH/27 Fix ${srs_encode ..}.  Previously it would give a bad result for one day
       every 1024 days.
 
+JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
+      message being considered for delivery was already being handled by
+      another process, and having an SMTP connection already open, the function
+      to close it tried to use an uninitialized variable.  This would afftect
+      high-volume sites more, especially when running mailing-list-style loads.
+      Pollution of logs was the major effect, as the other process delivered
+      the message.  Found and partly investigated by Graeme Fowler.
+
 
 Exim version 4.96
 -----------------
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index c5951832b..c72028ce9 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -4973,7 +4973,7 @@ smtp_transport_closedown(transport_instance *tblock)
 {
 smtp_transport_options_block * ob = SOB tblock->options_block;
 client_conn_ctx cctx;
-smtp_context sx;
+smtp_context sx = {0};
 uschar buffer[256];
 uschar inbuffer[4096];
 uschar outbuffer[16];