
Mailing List Archive: exim: dev

[Bug 1182] New: smtp_command variable uninitialised

 

 



jgh146exb at wizmail

Nov 30, 2011, 6:52 AM


http://bugs.exim.org/show_bug.cgi?id=1182
Summary: smtp_command variable uninitialised
Product: Exim
Version: 4.77
Platform: All
OS/Version: All
Status: NEW
Severity: bug
Priority: low
Component: String expansion
AssignedTo: nigel [at] exim
ReportedBy: jgh146exb [at] wizmail
CC: exim-dev [at] exim


Before HELO the $smtp_command variable is an allocated but uninitialised
buffer. It is possible to access it in a notquit acl, e.g. on a tcp-only
connection without smtp content. Such connections may be used either by
attackers or by system-liveness monitoring.

Suggested patch:

--- exim-4.77/src/smtp_in.c.smtp_command_var_init 2011-11-30
14:21:49.361972279 +0000
+++ exim-4.77/src/smtp_in.c 2011-11-30 14:22:08.696972268 +0000
@@ -1395,6 +1395,7 @@ smtp_cmd_buffer = (uschar *)malloc(2*smt
if (smtp_cmd_buffer == NULL)
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"malloc() failed for SMTP command buffer");
+smtp_cmd_buffer[0] = 0;
smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1;

/* For batched input, the protocol setting can be overridden from the
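Review bot: The added smtp_cmd_buffer[0] = 0; terminates only the command half of the allocation; smtp_data_buffer, assigned on the very next line to smtp_cmd_buffer + smtp_cmd_buffer_size + 1 inside the same malloc() block, is still left uninitialised. If anything can be expanded from that second buffer before the first command has been read, it has the same exposure, so consider adding smtp_data_buffer[0] = 0; after the assignment, or zeroing the whole block once with memset(). The new store is also placed after the NULL check without braces or a comment, so it is only safe because the log_write() call with LOG_PANIC_DIE is expected not to return; a one-line comment stating that, and why the terminator is needed (the variable is readable from an ACL before any SMTP command arrives), would make the intent clear to later readers.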

