From ccfdb010f92ffcd0e1598c8720049f55f7603215 Mon Sep 17 00:00:00 2001 From: Philip Hazel Date: Mon, 12 Sep 2005 10:49:30 +0000 Subject: Fix rare potential log buffer overflow. --- doc/doc-txt/ChangeLog | 7 ++++++- src/src/log.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c09c42f3c..08907ffa7 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.218 2005/09/12 10:08:53 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.219 2005/09/12 10:49:30 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -154,6 +154,11 @@ PH/36 When a locally submitted message by a trusted user did not contain a PH/37 Added control=suppress_local_fixups. +PH/38 When log_selector = +received_sender was set, and the addition of the + sender made the log line's construction buffer exactly full, or one byte + less than full, an overflow happened when the terminating "\n" was + subsequently added. + Exim version 4.52 ----------------- diff --git a/src/src/log.c b/src/src/log.c index 1427bd061..24418c5e6 100644 --- a/src/src/log.c +++ b/src/src/log.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/log.c,v 1.6 2005/06/28 10:23:35 ph10 Exp $ */ +/* $Cambridge: exim/src/src/log.c,v 1.7 2005/09/12 10:49:30 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -741,7 +741,7 @@ va_end(ap); this way because it kind of fits with LOG_RECIPIENTS. */ if ((flags & LOG_SENDER) != 0 && - ptr < log_buffer + LOG_BUFFER_SIZE - 8 - Ustrlen(raw_sender)) + ptr < log_buffer + LOG_BUFFER_SIZE - 10 - Ustrlen(raw_sender)) { sprintf(CS ptr, " from <%s>", raw_sender); while (*ptr) ptr++; -- cgit v1.2.3
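Review bot: The new bound `LOG_BUFFER_SIZE - 10 - Ustrlen(raw_sender)` in the src/src/log.c hunk at -741 is a hand-counted constant with nothing in the code explaining it, so it will silently go wrong again if the `" from <%s>"` format or the trailing text ever changes. From the visible lines it appears to be 8 bytes for `" from <>"` plus the final `"\n"` and the terminating zero described in the ChangeLog entry; I would record that next to the test, e.g. `/* 10 = 8 for " from <>" + 1 for the final "\n" + 1 for the terminating zero */`. The write itself is still an unbounded `sprintf` whose safety rests entirely on that arithmetic, and the sender string presumably originates from the message being received, so a bounded formatter given the space remaining in `log_buffer` would be the more robust follow-up. When the test fails the sender is dropped from the log line with no marker, which is worth a comment for anyone relying on these lines during an investigation. The enclosing function starts and ends outside the hunk, so the code that appends the newline could not be checked here.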