Fix memory bug (could segfault) for $reply_address when Reply-to: is

empty and From: does not exist.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b953ab84eff413405d47c38bd94f698c90867df6..8a00fffd9a9bdc05f1b43fcb075dc8b4f8ead965 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.198 2005/08/03 09:29:24 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.199 2005/08/08 09:57:29 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -60,6 +60,9 @@ JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04)
 
 TK/03 Fix log output including CR from clamd.
 
+PH/14 A reference to $reply_address when Reply-to: was empty and From: did not
+      exist provoked a memory error which could cause a segfault.
+
 
 Exim version 4.52
 -----------------

diff --git a/src/src/expand.c b/src/src/expand.c
index 92e342d376ab54e60cd5aa67bd0927e846e08b20..25e286390107ab67333ea5bc18352866ed0f9f0a 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/expand.c,v 1.39 2005/08/01 15:01:12 ph10 Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.40 2005/08/08 09:57:29 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1427,7 +1427,10 @@ while (last > first)
     s = find_header(US"reply-to:", exists_only, newsize, FALSE,
       headers_charset);
     if (s == NULL || *s == 0)
+      {
+      *newsize = 0;                            /* For the *s==0 case */
       s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
+      }
     return (s == NULL)? US"" : s;
 
     /* A recipients list is available only during system message filtering,