1 From 1cfa7822ca8928f95160df8742af11fff888ae7e Mon Sep 17 00:00:00 2001
2 From: Jeremy Harris <jgh146exb@wizmail.org>
3 Date: Tue, 12 Feb 2019 16:52:51 +0000
4 Subject: [PATCH 3/7] Fix transport buffer size handling Broken-by: 59932f7dcd
6 (cherry picked from commit 05bf16f6217e93594929c8bbbbbc852caf3ed374)
8 doc/ChangeLog | 7 +++++++
9 src/transport.c | 4 ++--
10 2 files changed, 9 insertions(+), 2 deletions(-)
12 diff --git a/doc/ChangeLog b/doc/ChangeLog
13 index 7da07ad4..66c8a7a1 100644
16 @@ -5,6 +5,13 @@ affect Exim's operation, with an unchanged configuration file. For new
17 options, and new features, see the NewStuff file next to this ChangeLog.
23 +JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
24 + buffer overrun for (non-chunking) other transports.
30 diff --git a/src/transport.c b/src/transport.c
31 index 8ccdd038..a069b883 100644
34 @@ -1115,13 +1115,13 @@ DEBUG(D_transport)
36 if (!(tctx->options & topt_no_body))
38 - int size = size_limit;
39 + unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX;
41 nl_check_length = abs(nl_check_length);
43 if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0)
45 - while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0
46 + while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0
47 && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0)
49 if (!write_chunk(tctx, deliver_in_buffer, len))