1 From 6b647c508aced6961f00e139f0337e2c8aba9eb7 Mon Sep 17 00:00:00 2001
2 From: Qualys Security Advisory <qsa@qualys.com>
3 Date: Sun, 21 Feb 2021 22:24:13 -0800
4 Subject: [PATCH 20/29] Security: Leave a clean smtp_out input buffer even in
7 Based on Heiko Schlittermann's commit 54895bc3. This fixes:
9 7/ In src/smtp_out.c, read_response_line(), inblock->ptr is not updated
10 when -1 is returned. This does not seem to have bad consequences, but is
11 maybe not the intended behavior.
13 src/smtp_out.c | 6 ++++--
14 1 file changed, 4 insertions(+), 2 deletions(-)
18 @@ -387,11 +387,11 @@ HDEBUG(D_transport|D_acl|D_v)
22 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
23 sc->tblock, ob->connect_timeout);
28 if (early_data && early_data->data && early_data->len)
29 if (send(sock, early_data->data, early_data->len, 0) < 0)
31 @@ -588,11 +588,11 @@ Arguments:
32 buffer where to put the line
33 size space available for the line
34 timelimit deadline for reading the lime, seconds past epoch
36 Returns: length of a line that has been put in the buffer
37 - -1 otherwise, with errno set
38 + -1 otherwise, with errno set, and inblock->ptr adjusted
42 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
44 @@ -629,10 +629,11 @@ for (;;)
48 *p = 0; /* Leave malformed line for error message */
49 errno = ERRNO_SMTPFORMAT;
55 /* Need to read a new input packet. */
56 @@ -654,10 +655,11 @@ for (;;)
59 /* Get here if there has been some kind of recv() error; errno is set, but we
60 ensure that the result buffer is empty before returning. */
62 +inblock->ptr = inblock->ptrend = inblock->buffer;