1 From 2600301ba6dbac5c9d640c87007a07ee6dcea1f4 Mon Sep 17 00:00:00 2001
2 From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
3 Date: Mon, 19 Aug 2019 14:45:48 +0200
4 Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
9 @@ -4,6 +4,11 @@ This document describes *changes* to pre
10 affect Exim's operation, with an unchanged configuration file. For new
11 options, and new features, see the NewStuff file next to this ChangeLog.
16 +HS/01 Handle trailing backslash gracefully. (CVE-2019-15846)
23 @@ -224,6 +224,8 @@ interpreted in strings.
25 pp points a pointer to the initiating "\" in the string;
26 the pointer gets updated to point to the final character
27 + If the backslash is the last character in the string, it
29 Returns: the value of the character escape
32 @@ -236,6 +238,7 @@ const uschar *hex_digits= CUS"0123456789
34 const uschar *p = *pp;
36 +if (ch == '\0') return **pp;
37 if (isdigit(ch) && ch != '8' && ch != '9')
40 @@ -1210,8 +1213,8 @@ memcpy(g->s + p, s, count);
49 string_cat(gstring *string, const uschar *s)