http://bugs.exim.org/show_bug.cgi?id=1182

Summary: smtp_command variable uninitialised
Product: Exim
Version: 4.77
Platform: All
OS/Version: All
Status: NEW
Severity: bug
Priority: low
Component: String expansion
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

Before HELO the $smtp_command variable is an allocated but uninitialised buffer. It is possible to access it in a notquit acl, e.g. on a tcp-only connection without smtp content. Such connections may be used either by attackers or by system-liveness monitoring.

Suggested patch:

--- exim-4.77/src/smtp_in.c.smtp_command_var_init 2011-11-30 14:21:49.361972279 +0000 +++ exim-4.77/src/smtp_in.c 2011-11-30 14:22:08.696972268 +0000 @@ -1395,6 +1395,7 @@ smtp_cmd_buffer = (uschar *)malloc(2*smt if (smtp_cmd_buffer == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP command buffer"); +smtp_cmd_buffer[0] = 0; smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1; /* For batched input, the protocol setting can be overridden from the

--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

## List details at https://lists.exim.org/mailman/listinfo/exim-dev
## Exim details at http://www.exim.org/ ##
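Review bot: the added `smtp_cmd_buffer[0] = 0;` terminates only the command half of the allocation, while `smtp_data_buffer`, assigned on the very next line to point into the same malloc'd block at `smtp_cmd_buffer + smtp_cmd_buffer_size + 1`, is still left uninitialised. If anything can expand from the data half before the first SMTP command is read, it has the same exposure the report describes, so consider adding `smtp_data_buffer[0] = 0;` directly after that assignment, or zeroing the whole block once after the NULL check. The placement after the `smtp_cmd_buffer == NULL` check is right. A one-line comment saying the buffer can be read by an ACL before any command arrives would keep the line from being removed later as redundant.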
