From f4c1088bb7af23e4b613672230868056d46239a5 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Wed, 31 Jul 2013 18:50:04 -0400 Subject: [PATCH] Fix segfault in stdio with non-SMTP MIME ACL. When injecting a message locally in non-SMTP mode, and with MIME ACLs configured, if the ACL rejected the message, Exim would try to `fprintf(NULL, "%s", the_message)`. This fixes that. Most ACLs are plumbed in SMTP-only and looking through the others in receive.c, they all appear to be safely guarded, so it was just this one that slipped through. Crash report and assistance tracking down the root cause from Warren Baker. --- doc/doc-txt/ChangeLog | 4 ++++ src/ACKNOWLEDGMENTS | 1 + src/src/receive.c | 5 +++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f9a376779..d8990102d 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -209,6 +209,10 @@ PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options. It's SecureTransport, so affects any MacOS clients which use the system-integrated TLS libraries, including email clients. +PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if + using a MIME ACL for non-SMTP local injection. + Report and assistance in diagnosis by Warren Baker. + Exim version 4.80.1 ------------------- diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS index 4474de322..0611b1f99 100644 --- a/src/ACKNOWLEDGMENTS +++ b/src/ACKNOWLEDGMENTS @@ -359,6 +359,7 @@ Simon Arlott Code for outbound SSL-on-connect Patch fixing NUL term/init of DKIM strings Patch fixing dnsdb TXT record handling for DKIM Patch speeding up DomainKeys signing +Warren Baker Found crash with MIME ACLs in non-SMTP local injection Dmitry Banschikov Path to check for LDAP TLS initialisation errors René Berber Pointed out mistake in build instructions for QNX Johannes Berg Maintained dynamically loadable module code out-of-tree 
diff --git a/src/src/receive.c b/src/src/receive.c
index 48c83db03..993d14917 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1277,9 +1277,10 @@ else if (rc != OK)
 #ifdef EXPERIMENTAL_DCC
 dcc_ok = 0;
 #endif
- if (smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0)
+ if (smtp_input && smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0) {
 *smtp_yield_ptr = FALSE; /* No more messsages after dropped connection */
- *smtp_reply_ptr = US""; /* Indicate reply already sent */
+ *smtp_reply_ptr = US""; /* Indicate reply already sent */
+ }
 message_id[0] = 0; /* Indicate no message accepted */
 return FALSE; /* Cause skip to end of receive function */
 }
-- 
2.25.1
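Review bot: Moving `*smtp_reply_ptr = US"";` inside the new braces changes the SMTP path as well as the non-SMTP one: on the old side the `if` had no braces, so that assignment ran on every MIME ACL failure, and it now runs only when `smtp_handle_acl_fail()` returns non-zero. If that function still writes the rejection to the client when it returns 0 (its body is not in this hunk, so this is inferred from the "reply already sent" comment), the caller is no longer told and may emit a second response for the same message, leaving the SMTP dialogue out of step. Guarding the whole pair with `smtp_input` and keeping the inner `if` brace-less, as below, avoids the NULL-stream crash without altering the SMTP case. The enclosing `else if (rc != OK)` block starts above the hunk, so it is worth checking there that a non-SMTP rejection is still logged or reported to the submitter rather than dropped silently.

```c
/* … unchanged: EXPERIMENTAL_DCC block … */
if (smtp_input)
  {
  if (smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0)
    *smtp_yield_ptr = FALSE;  /* No more messages after dropped connection */
  *smtp_reply_ptr = US"";     /* Indicate reply already sent */
  }
/* … unchanged: message_id reset and return FALSE … */
```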