| 1 | From 1cfa7822ca8928f95160df8742af11fff888ae7e Mon Sep 17 00:00:00 2001 |
| 2 | From: Jeremy Harris <jgh146exb@wizmail.org> |
| 3 | Date: Tue, 12 Feb 2019 16:52:51 +0000 |
| 4 | Subject: [PATCH 3/7] Fix transport buffer size handling Broken-by: 59932f7dcd |
| 5 | |
| 6 | (cherry picked from commit 05bf16f6217e93594929c8bbbbbc852caf3ed374) |
| 7 | --- |
| 8 | doc/ChangeLog | 7 +++++++ |
| 9 | src/transport.c | 4 ++-- |
| 10 | 2 files changed, 9 insertions(+), 2 deletions(-) |
| 11 | |
| 12 | diff --git a/doc/ChangeLog b/doc/ChangeLog |
| 13 | index 7da07ad4..66c8a7a1 100644 |
| 14 | --- a/doc/ChangeLog |
| 15 | +++ b/doc/ChangeLog |
| 16 | @@ -5,6 +5,13 @@ affect Exim's operation, with an unchanged configuration file. For new |
| 17 | options, and new features, see the NewStuff file next to this ChangeLog. |
| 18 | |
| 19 | |
| 20 | +Since version 4.92 |
| 21 | +------------------ |
| 22 | + |
| 23 | +JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible |
| 24 | + buffer overrun for (non-chunking) other transports. |
| 25 | + |
| 26 | + |
| 27 | Exim version 4.92 |
| 28 | ----------------- |
| 29 | |
| 30 | diff --git a/src/transport.c b/src/transport.c |
| 31 | index 8ccdd038..a069b883 100644 |
| 32 | --- a/src/transport.c |
| 33 | +++ b/src/transport.c |
| 34 | @@ -1115,13 +1115,13 @@ DEBUG(D_transport) |
| 35 | |
| 36 | if (!(tctx->options & topt_no_body)) |
| 37 | { |
| 38 | - int size = size_limit; |
| 39 | + unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX; |
| 40 | |
| 41 | nl_check_length = abs(nl_check_length); |
| 42 | nl_partial_match = 0; |
| 43 | if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0) |
| 44 | return FALSE; |
| 45 | - while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0 |
| 46 | + while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0 |
| 47 | && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0) |
| 48 | { |
| 49 | if (!write_chunk(tctx, deliver_in_buffer, len)) |
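Review bot: The two changed lines in the body-copy loop rely on a memory-safety invariant that the hunk never states: `len` is the byte count passed to `read()` into `deliver_in_buffer`, so it must never exceed `DELIVER_IN_BUFFER_SIZE`, and `ULONG_MAX` stands for "no limit" when `size_limit` is not positive. I would add a comment above the `while`, e.g. `/* len is the read() count into deliver_in_buffer: clamp with MIN, never MAX; size == ULONG_MAX means no size limit */`, so a later edit does not reintroduce the overrun the ChangeLog entry describes. The declaration of `len`, the allocation size of `deliver_in_buffer` and the rest of the loop body (presumably where `size` is decremented) are outside the hunk. It is worth confirming there that the mixed `unsigned long`/`len` arithmetic stays in range and that a negative `read()` result is reported as a failure after the loop rather than treated as end of data.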
| 50 | -- |
| 51 | 2.20.1 |
| 52 | |