summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/src/dcc.c4
-rw-r--r--src/src/dns.c14
-rw-r--r--src/src/exim_dbutil.c2
-rw-r--r--src/src/routers/queryprogram.c1
-rw-r--r--src/src/spam.c2
-rw-r--r--src/src/spool_in.c6
-rw-r--r--src/src/transport.c2
-rw-r--r--src/src/verify.c4
8 files changed, 21 insertions, 14 deletions
diff --git a/src/src/dcc.c b/src/src/dcc.c
index b03690ca6..c374cf91c 100644
--- a/src/src/dcc.c
+++ b/src/src/dcc.c
@@ -216,9 +216,9 @@ dcc_process(uschar **listptr)
}
} else {
/* connecting to the dccifd UNIX socket */
- bzero((char *)&serv_addr,sizeof(serv_addr));
+ bzero(&serv_addr, sizeof(serv_addr));
serv_addr.sun_family = AF_UNIX;
- Ustrcpy(serv_addr.sun_path, sockpath);
+ Ustrncpy(serv_addr.sun_path, sockpath, sizeof(serv_addr.sun_path));
if ((sockfd = socket(AF_UNIX, SOCK_STREAM,0)) < 0){
DEBUG(D_acl)
debug_printf("DCC: Creating UNIX socket connection failed: %s\n", strerror(errno));
diff --git a/src/src/dns.c b/src/src/dns.c
index bb6693254..17152d9a6 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -868,7 +868,7 @@ BOOL secure_so_far = TRUE;
for (i = 0; i < 10; i++)
{
- uschar data[256];
+ uschar * data;
dns_record *rr, cname_rr, type_rr;
dns_scan dnss;
int datalen, rc;
@@ -918,7 +918,7 @@ for (i = 0; i < 10; i++)
/* If any data records of the correct type were found, we are done. */
- if (type_rr.data != NULL)
+ if (type_rr.data)
{
if (!secure_so_far) /* mark insecure if any element of CNAME chain was */
dns_set_insecure(dnsa);
@@ -930,10 +930,14 @@ for (i = 0; i < 10; i++)
have had a failure from dns_lookup). However code against the possibility of
its not existing. */
- if (cname_rr.data == NULL) return DNS_FAIL;
+ if (!cname_rr.data)
+ return DNS_FAIL;
+
+ data = store_get(256);
datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
- cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
- if (datalen < 0) return DNS_FAIL;
+ cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256);
+ if (datalen < 0)
+ return DNS_FAIL;
name = data;
if (!dns_is_secure(dnsa))
diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c
index 417a42db6..262e39044 100644
--- a/src/src/exim_dbutil.c
+++ b/src/src/exim_dbutil.c
@@ -259,7 +259,7 @@ uschar buffer[256];
ensures that Exim has exclusive use of the database before it even tries to
open it. If there is a database, there should be a lock file in existence. */
-sprintf(CS buffer, "%s/db/%s.lockfile", spool_directory, name);
+sprintf(CS buffer, "%s/db/%.200s.lockfile", spool_directory, name);
dbblock->lockfd = Uopen(buffer, flags, 0);
if (dbblock->lockfd < 0)
diff --git a/src/src/routers/queryprogram.c b/src/src/routers/queryprogram.c
index 018e4c831..9970c8299 100644
--- a/src/src/routers/queryprogram.c
+++ b/src/src/routers/queryprogram.c
@@ -214,6 +214,7 @@ ugid.uid_set = ugid.gid_set = FALSE;
/* Set up the propagated data block with the current address_data and the
errors address and extra header stuff. */
+bzero(&addr_prop, sizeof(addr_prop));
addr_prop.address_data = deliver_address_data;
rc = rf_get_errors_address(addr, rblock, verify, &addr_prop.errors_address);
diff --git a/src/src/spam.c b/src/src/spam.c
index 6a0ca3c20..51ae88f50 100644
--- a/src/src/spam.c
+++ b/src/src/spam.c
@@ -139,7 +139,7 @@ long rnd, weights;
unsigned pri;
static BOOL srandomed = FALSE;
-/* seedup, if we have only 1 server */
+/* speedup, if we have only 1 server */
if (num_servers == 1)
return (spamds[0]->is_failed ? -1 : 0);
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index 59192ef30..992e08886 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -473,11 +473,13 @@ for (;;)
int index, count;
uschar name[20]; /* Need plenty of space for %d format */
tree_node *node;
- if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
+ if ( sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2
+ || index >= 20
+ )
goto SPOOL_FORMAT_ERROR;
if (index < 10)
(void) string_format(name, sizeof(name), "%c%d", 'c', index);
- else if (index < 20) /* ignore out-of-range index */
+ else
(void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
node = acl_var_create(name);
node->data.ptr = store_get(count + 1);
diff --git a/src/src/transport.c b/src/src/transport.c
index 13f3c07fc..c14b60f4e 100644
--- a/src/src/transport.c
+++ b/src/src/transport.c
@@ -1205,7 +1205,7 @@ transport_write_message(address_item *addr, int fd, int options,
BOOL use_crlf;
BOOL last_filter_was_NL = TRUE;
int rc, len, yield, fd_read, fd_write, save_errno;
-int pfd[2];
+int pfd[2] = {-1, -1};
pid_t filter_pid, write_pid;
transport_filter_timed_out = FALSE;
diff --git a/src/src/verify.c b/src/src/verify.c
index 6aa425a54..3d4f88550 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -458,7 +458,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
&& port == cutthrough.host.port
)
{
- uschar * resp;
+ uschar * resp = NULL;
/* Match! Send the RCPT TO, append the addr, set done */
done =
@@ -485,7 +485,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
else
{
cancel_cutthrough_connection("recipient rejected");
- if (errno == ETIMEDOUT)
+ if (!resp || errno == ETIMEDOUT)
{
HDEBUG(D_verify) debug_printf("SMTP timeout\n");
}