Dirk Mueller
b3b3b42a68
- add exim-CVE-2017-16944.patch: backport of commit 178ecb70987f024f0e775d87c2f8b2cf587dd542 fix for CVE-2017-16944 (#bsc1069859) OBS-URL: https://build.opensuse.org/request/show/546620 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=199
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
diff -ru a/src/receive.c b/src/receive.c
|
|
--- a/src/receive.c 2017-11-30 09:15:29.593364805 +0100
|
|
+++ b/src/receive.c 2017-11-30 09:17:32.026970431 +0100
|
|
@@ -1759,7 +1759,7 @@
|
|
prevent further reading), and break out of the loop, having freed the
|
|
empty header, and set next = NULL to indicate no data line. */
|
|
|
|
- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
|
|
+ if (ptr == 0 && ch == '.' && dot_ends)
|
|
{
|
|
ch = (receive_getc)();
|
|
if (ch == '\r')
|
|
diff -ru a/src/smtp_in.c b/src/smtp_in.c
|
|
--- a/src/smtp_in.c 2017-11-30 09:15:29.593364805 +0100
|
|
+++ b/src/smtp_in.c 2017-11-30 09:41:47.270055566 +0100
|
|
@@ -4751,11 +4751,17 @@
|
|
? CHUNKING_LAST : CHUNKING_ACTIVE;
|
|
chunking_data_left = chunking_datasize;
|
|
|
|
+ /* push the current receive_* function on the "stack", and
|
|
+ replace them by bdat_getc(), which in turn will use the lwr_receive_*
|
|
+ functions to do the dirty work. */
|
|
lwr_receive_getc = receive_getc;
|
|
lwr_receive_ungetc = receive_ungetc;
|
|
+
|
|
receive_getc = bdat_getc;
|
|
receive_ungetc = bdat_ungetc;
|
|
|
|
+ dot_ends = FALSE;
|
|
+
|
|
DEBUG(D_any)
|
|
debug_printf("chunking state %d\n", (int)chunking_state);
|
|
goto DATA_BDAT;
|
|
@@ -4763,6 +4769,7 @@
|
|
|
|
case DATA_CMD:
|
|
HAD(SCH_DATA);
|
|
+ dot_ends = TRUE;
|
|
|
|
DATA_BDAT: /* Common code for DATA and BDAT */
|
|
if (!discarded && recipients_count <= 0)
|