HCoop / hcoop / debian / exim4.git / blame
| Commit | Line | Data |
|---|---|---|
| d1e9e98a AM |
1 | From 2600301ba6dbac5c9d640c87007a07ee6dcea1f4 Mon Sep 17 00:00:00 2001 |
| 2 | From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> | |
| 3 | Date: Mon, 19 Aug 2019 14:45:48 +0200 | |
| 4 | Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846) | |
| 5 | ||
| 6 | ||
| 7 | --- a/doc/ChangeLog | |
| 8 | +++ b/doc/ChangeLog | |
| 9 | @@ -4,6 +4,11 @@ This document describes *changes* to pre | |
| 10 | affect Exim's operation, with an unchanged configuration file. For new | |
| 11 | options, and new features, see the NewStuff file next to this ChangeLog. | |
| 12 | ||
| 13 | +Exim version 4.92.2 | |
| 14 | +------------------- | |
| 15 | + | |
| 16 | +HS/01 Handle trailing backslash gracefully. (CVE-2019-15846) | |
| 17 | + | |
| 18 | ||
| 19 | Exim version 4.89 | |
| 20 | ----------------- | |
| 21 | --- a/src/string.c | |
| 22 | +++ b/src/string.c | |
| 23 | @@ -220,6 +220,8 @@ interpreted in strings. | |
| 24 | Arguments: | |
| 25 | pp points a pointer to the initiating "\" in the string; | |
| 26 | the pointer gets updated to point to the final character | |
| 27 | + If the backslash is the last character in the string, it | |
| 28 | + is not interpreted. | |
| 29 | Returns: the value of the character escape | |
| 30 | */ | |
| 31 | ||
| 32 | @@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789 | |
| 33 | int ch; | |
| 34 | const uschar *p = *pp; | |
| 35 | ch = *(++p); | |
| 36 | +if (ch == '\0') return **pp; | |
| 37 | if (isdigit(ch) && ch != '8' && ch != '9') | |
| 38 | { | |
| 39 | ch -= '0'; |