From f1d38a56d8aa122a13f84db36bd1db1ceb489454 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 30 Sep 2016 14:59:04 +0100 Subject: [PATCH] Fix mime ACL filename decode A latent bug (uninitialised memory referred to by $mime_decoded_filename) uncovered by 40c90bca9f7e --- src/src/mime.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/src/src/mime.c b/src/src/mime.c index c924f2bc3..17643eda3 100644 --- a/src/src/mime.c +++ b/src/src/mime.c @@ -188,19 +188,17 @@ return size; } +/* + * Return open filehandle for combo of path and file. + * Side-effect: set mime_decoded_filename, to copy in allocated mem + */ static FILE * mime_get_decode_file(uschar *pname, uschar *fname) { -FILE *f = NULL; -uschar *filename = NULL; - if (pname && fname) - { - filename = string_sprintf("%s/%s", pname, fname); - f = modefopen(filename,"wb+",SPOOL_MODE); - } + mime_decoded_filename = string_sprintf("%s/%s", pname, fname); else if (!pname) - f = modefopen(fname,"wb+",SPOOL_MODE); + mime_decoded_filename = string_copy(fname); else if (!fname) { int file_nr = 0; @@ -210,21 +208,15 @@ else if (!fname) do { struct stat mystat; - filename = string_sprintf("%s/%s-%05u", pname, message_id, file_nr++); + mime_decoded_filename = string_sprintf("%s/%s-%05u", pname, message_id, file_nr++); /* security break */ if (file_nr >= 1024) break; - result = stat(CS filename, &mystat); + result = stat(CS mime_decoded_filename, &mystat); } while(result != -1); - - f = modefopen(filename, "wb+", SPOOL_MODE); } -/* set expansion variable */ -/*XXX ? not set if !pname ? */ -mime_decoded_filename = filename; - -return f; +return modefopen(mime_decoded_filename, "wb+", SPOOL_MODE); } @@ -809,7 +801,7 @@ while(1) if (!mime_decoded_filename) /* decoding failed */ { log_write(0, LOG_MAIN, - "mime_regex acl condition warning - could not decode RFC822 MIME part to file."); + "MIME acl condition warning - could not decode RFC822 MIME part to file."); rc = DEFER; goto out; } -- 2.25.1