Commit | Line | Data |
---|---|---|
0baa7b9d SB |
1 | From d740d2111f189760593a303124ff6b9b1f83453d Mon Sep 17 00:00:00 2001 |
2 | From: Jeremy Harris <jgh146exb@wizmail.org> | |
3 | Date: Mon, 27 May 2019 21:57:31 +0100 | |
4 | Subject: [PATCH] Fix CVE-2019-10149 | |
5 | ||
6 | --- | |
7 | diff --git a/src/deliver.c b/src/deliver.c | |
8 | index 59256ac2c..45cc0723f 100644 | |
9 | --- a/src/deliver.c | |
10 | +++ b/src/deliver.c | |
11 | @@ -6227,17 +6227,23 @@ if (process_recipients != RECIP_IGNORE) | |
12 | { | |
13 | uschar * save_local = deliver_localpart; | |
14 | const uschar * save_domain = deliver_domain; | |
15 | + uschar * addr = new->address, * errmsg = NULL; | |
16 | + int start, end, dom; | |
17 | ||
18 | - deliver_localpart = expand_string( | |
19 | - string_sprintf("${local_part:%s}", new->address)); | |
20 | - deliver_domain = expand_string( | |
21 | - string_sprintf("${domain:%s}", new->address)); | |
22 | + if (!parse_extract_address(addr, &errmsg, &start, &end, &dom, TRUE)) | |
23 | + log_write(0, LOG_MAIN|LOG_PANIC, | |
24 | + "failed to parse address '%.100s': %s\n", addr, errmsg); | |
25 | + else | |
26 | + { | |
27 | + deliver_localpart = | |
28 | + string_copyn(addr+start, dom ? (dom-1) - start : end - start); | |
29 | + deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS""; | |
30 | ||
31 | - (void) event_raise(event_action, | |
32 | - US"msg:fail:internal", new->message); | |
33 | + event_raise(event_action, US"msg:fail:internal", new->message); | |
34 | ||
35 | - deliver_localpart = save_local; | |
36 | - deliver_domain = save_domain; | |
37 | + deliver_localpart = save_local; | |
38 | + deliver_domain = save_domain; | |
39 | + } | |
40 | } | |
41 | #endif | |
42 | } | |
43 | -- | |
44 | 2.20.1 | |
45 |