From f9b9210ed00d36e87538b5d4abe51c079826fb9c Mon Sep 17 00:00:00 2001 From: Philip Hazel Date: Tue, 29 Mar 2005 15:53:12 +0000 Subject: [PATCH] Fix non-check for read() error in sync check before writing banner. --- doc/doc-txt/ChangeLog | 11 ++++++++++- src/src/smtp_in.c | 21 ++++++++++++--------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4cb08c1dc..cf31d4690 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.105 2005/03/29 15:19:25 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.106 2005/03/29 15:53:12 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -108,6 +108,15 @@ PH/19 When an Exim process that is running as root has to create an Exim log run out. I reviewed all the other calls to fork(); they all seem to check for failure. +PH/20 When checking for unexpected SMTP input at connect time (before writing + the banner), Exim was not dealing correctly with a non-positive return + from the read() function. If the client had disconnected by this time, + the result was a log entry for a synchronization error with an empty + string after "input=" when read() returned zero. If read() returned -1 + (an event I could not check), uninitialized data bytes were printed. + There were reports of junk text (parts of files, etc) appearing after + "input=". + A note about Exim versions 4.44 and 4.50 ---------------------------------------- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 7348e9b15..c10293c87 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.14 2005/03/22 10:11:43 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.15 2005/03/29 15:53:12 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1616,14 +1616,17 @@ if (smtp_enforce_sync && sender_host_address != NULL && !sender_host_notsocket) &tzero) > 0) { int rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size); - if (rc > 150) rc = 150; - smtp_inbuffer[rc] = 0; - log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol violation: " - "synchronization error (input sent without waiting for greeting): " - "rejected connection from %s input=\"%s\"", host_and_ident(TRUE), - string_printing(smtp_inbuffer)); - smtp_printf("554 SMTP synchronization error\r\n"); - return FALSE; + if (rc > 0) + { + if (rc > 150) rc = 150; + smtp_inbuffer[rc] = 0; + log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol violation: " + "synchronization error (input sent without waiting for greeting): " + "rejected connection from %s input=\"%s\"", host_and_ident(TRUE), + string_printing(smtp_inbuffer)); + smtp_printf("554 SMTP synchronization error\r\n"); + return FALSE; + } } } -- 2.25.1