From 8b77d27a46e94c347172941fc7a07b17f1e4da25 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 9 Mar 2018 16:34:08 +0000 Subject: Extra checks on inbound SMTP stream buffer refill --- src/src/lookups/ldap.c | 2 +- src/src/receive.c | 1 + src/src/smtp_in.c | 4 ++-- src/src/tls-gnu.c | 12 ++++++------ src/src/tls-openssl.c | 6 +++--- src/src/tls.c | 8 ++++---- 6 files changed, 17 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index c3b214e84..0c2c87fc3 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -889,7 +889,7 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) == if (data) { (void) string_from_gstring(data); - store_reset(data->s + data->ptr + 1); + gstring_reset_unused(data); } /* Copy the last dn into eldap_dn */ diff --git a/src/src/receive.c b/src/src/receive.c index b502a381c..6a534dc87 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1034,6 +1034,7 @@ for (;;) unsigned len = MAX(chunking_data_left, thismessage_size_limit - message_size + 1); uschar * buf = bdat_getbuf(&len); + if (!buf) return END_EOF; message_size += len; if (fout && fwrite(buf, len, 1, fout) != 1) return END_WERROR; } diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 03dcad73e..a0cc581c2 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -653,7 +653,7 @@ next_cmd: } receive_getc = bdat_getc; - receive_getbuf = bdat_getbuf; + receive_getbuf = bdat_getbuf; /* r~getbuf is never actually used */ receive_ungetc = bdat_ungetc; #ifndef DISABLE_DKIM dkim_collect_input = dkim_save; @@ -684,7 +684,7 @@ bdat_flush_data(void) while (chunking_data_left) { unsigned n = chunking_data_left; - (void) bdat_getbuf(&n); + if (!bdat_getbuf(&n)) break; } receive_getc = lwr_receive_getc; diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 6de0f023a..eed8c06dc 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -156,8 +156,8 @@ typedef struct exim_gnutls_state { uschar *xfer_buffer; int xfer_buffer_lwm; int xfer_buffer_hwm; - int xfer_eof; - int xfer_error; + BOOL xfer_eof; /*XXX never gets set! */ + BOOL xfer_error; } exim_gnutls_state_st; static const exim_gnutls_state_st exim_gnutls_state_init = { @@ -198,8 +198,8 @@ static const exim_gnutls_state_st exim_gnutls_state_init = { .xfer_buffer = NULL, .xfer_buffer_lwm = 0, .xfer_buffer_hwm = 0, - .xfer_eof = 0, - .xfer_error = 0, + .xfer_eof = FALSE, + .xfer_error = FALSE, }; /* Not only do we have our own APIs which don't pass around state, assuming @@ -2505,7 +2505,7 @@ alarm(0); if (sigalrm_seen) { DEBUG(D_tls) debug_printf("Got tls read timeout\n"); - state->xfer_error = 1; + state->xfer_error = TRUE; return FALSE; } @@ -2541,7 +2541,7 @@ else if (inbytes == 0) else if (inbytes < 0) { record_io_error(state, (int) inbytes, US"recv", NULL); - state->xfer_error = 1; + state->xfer_error = TRUE; return FALSE; } #ifndef DISABLE_DKIM diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 8e8f27686..3376dce3f 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2103,7 +2103,7 @@ DEBUG(D_tls) */ if (!ssl_xfer_buffer) ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size); ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0; -ssl_xfer_eof = ssl_xfer_error = 0; +ssl_xfer_eof = ssl_xfer_error = FALSE; receive_getc = tls_getc; receive_getbuf = tls_getbuf; @@ -2498,14 +2498,14 @@ else if (error == SSL_ERROR_SSL) { ERR_error_string(ERR_get_error(), ssl_errstring); log_write(0, LOG_MAIN, "TLS error (SSL_read): %s", ssl_errstring); - ssl_xfer_error = 1; + ssl_xfer_error = TRUE; return FALSE; } else if (error != SSL_ERROR_NONE) { DEBUG(D_tls) debug_printf("Got SSL error %d\n", error); - ssl_xfer_error = 1; + ssl_xfer_error = TRUE; return FALSE; } diff --git a/src/src/tls.c b/src/src/tls.c index 121b3d962..f81662065 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -41,8 +41,8 @@ static const int ssl_xfer_buffer_size = 4096; static uschar *ssl_xfer_buffer = NULL; static int ssl_xfer_buffer_lwm = 0; static int ssl_xfer_buffer_hwm = 0; -static int ssl_xfer_eof = 0; -static int ssl_xfer_error = 0; +static int ssl_xfer_eof = FALSE; +static BOOL ssl_xfer_error = FALSE; #endif uschar *tls_channelbinding_b64 = NULL; @@ -162,7 +162,7 @@ Returns: non-zero if the eof flag is set int tls_feof(void) { -return ssl_xfer_eof; +return (int)ssl_xfer_eof; } @@ -184,7 +184,7 @@ Returns: non-zero if the error flag is set int tls_ferror(void) { -return ssl_xfer_error; +return (int)ssl_xfer_error; } -- cgit v1.2.3