summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2012-05-04 18:22:16 -0700
committerPhil Pennock <pdp@exim.org>2012-05-04 18:22:16 -0700
commitef8406816ea0fc82b5d80009b30cb83ad9af6f2f (patch)
tree81408ef9c2a5775d9fc664667073180b8a101eed
parentee278e5a4369c214892af66c2bd003bd00899345 (diff)
Check localhost_number expansion for failure.
Avoids NULL dereference. Report and patch from Alun Jones. Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there. fixes bug 1122
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/acl.c2
-rw-r--r--src/src/readconf.c11
3 files changed, 12 insertions, 4 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 55cde6dcf..80e8edf97 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,9 @@ PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
before an outbound SMTP session. New log_selector, +tls_sni.
+PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
+ NULL dereference. Report and patch from Alun Jones.
+
Exim version 4.77
-----------------
diff --git a/src/src/acl.c b/src/src/acl.c
index 3cafd8184..b93ac6965 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2093,7 +2093,7 @@ uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
va_start(ap, format);
if (!string_vformat(buffer, sizeof(buffer), format, ap))
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
- "string_sprintf expansion was longer than %ld", sizeof(buffer));
+ "string_sprintf expansion was longer than " SIZE_T_FMT, sizeof(buffer));
va_end(ap);
*log_msgptr = string_sprintf(
"error in arguments to \"ratelimit\" condition: %s", buffer);
diff --git a/src/src/readconf.c b/src/src/readconf.c
index c62235916..b35811e48 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -520,7 +520,7 @@ while (isalnum(*s) || *s == '_')
{
if (namelen >= sizeof(name) - 1)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
- "macro name too long (maximum is %d characters)", sizeof(name) - 1);
+ "macro name too long (maximum is " SIZE_T_FMT " characters)", sizeof(name) - 1);
name[namelen++] = *s++;
}
name[namelen] = 0;
@@ -3189,9 +3189,14 @@ so as to ensure that everything else is set up before the expansion. */
if (host_number_string != NULL)
{
+ long int n;
uschar *end;
uschar *s = expand_string(host_number_string);
- long int n = Ustrtol(s, &end, 0);
+ if (s == NULL)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "failed to expand localhost_number \"%s\": %s",
+ host_number_string, expand_string_message);
+ n = Ustrtol(s, &end, 0);
while (isspace(*end)) end++;
if (*end != 0)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
@@ -3607,7 +3612,7 @@ else if (strncmpic(pp, US"tls_required", p - pp) == 0)
*basic_errno = ERRNO_TLSREQUIRED;
else if (len != 1 || Ustrncmp(pp, "*", 1) != 0)
- return string_sprintf("unknown or malformed retry error \"%.*s\"", p-pp, pp);
+ return string_sprintf("unknown or malformed retry error \"%.*s\"", (int) (p-pp), pp);
return NULL;
}