https://bugs.exim.org/show_bug.cgi?id=2250
--- Comment #17 from David Carter <dp...@cam.ac.uk> ---
(In reply to David Carter from comment #16)
> (In reply to David Carter from comment #14)
>
> > I will start bisection with DKIM disabled.
>
> 4a5cbaff2f9addfc9b4375a97ec6669bf18ee4db (Tue Sep 19 21:57:30 2017 +0100)
> has the problem. That predates 4.90.
>
> I will shut up now until I can give you a precise commit version.
>
> At one or two subdivisions a day, this might take a while...

The bug was introduced in 925ac8e4f1c5d365ddea2f7aee460cd0a3cd409d

Looking at that commit, I'm pretty certain that the culprit is:

  static BOOL
  wouldblock_reading(void)
  {
  int fd, rc;
  fd_set fds;
  struct timeval tzero;

  if (tls_in.active >= 0 && tls_could_read())
    return FALSE;

  if (smtp_inptr < smtp_inend)
    return FALSE;

  fd = fileno(smtp_in);
  FD_ZERO(&fds);
  FD_SET(fd, &fds);
  tzero.tv_sec = 0;
  tzero.tv_usec = 0;
  rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);

  if (rc <= 0) return TRUE;     /* Not ready to read */
  rc = smtp_getc(GETC_BUFFER_UNLIMITED);
  if (rc < 0) return TRUE;      /* End of file or error */

  smtp_ungetc(rc);
  rc = smtp_inend - smtp_inptr;
  if (rc > 150) rc = 150;
  smtp_inptr[rc] = 0;
  return FALSE;
  }

I'm not sure what the last few lines of this are trying to achieve, but isn't:

  rc = smtp_inend - smtp_inptr;
  if (rc > 150) rc = 150;
  smtp_inptr[rc] = 0;

going to introduce a single '\0' 150 characters after the current smtp_inptr?
If a long list of "RCPT TO" are pipelined, then that is likely to be real data.

Presumably this function is being called somewhere that the original
check_sync() function that it replaced was not?
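The effect described in this comment, reproduced outside Exim as an added example (not Exim source and not part of the original comment). `inbuf`, `inptr`, `inend`, `fill_pipeline`, `peek_copy` and `first_nul_offset` are hypothetical stand-ins, the RCPT lines are constructed sample input, and the copy-out alternative assumes the in-place NUL was only meant to bound a string for later use, which the comment does not confirm.

```c
#include <stdio.h>
#include <string.h>

#define PEEK_MAX 150            /* same cap as in the quoted function */

/* Constructed stand-ins for smtp_inptr / smtp_inend (not Exim code). */
static char  inbuf[1024];
static char *inptr, *inend;

/* Fill the buffer with n pipelined RCPT commands, 30 bytes each (constructed). */
static void fill_pipeline(int n) {
  size_t len = 0;
  for (int i = 0; i < n; i++)
    len += (size_t)snprintf(inbuf + len, sizeof inbuf - len,
                            "RCPT TO:<user%02d@example.com>\r\n", i);
  inptr = inbuf;
  inend = inbuf + len;
}

/* The three lines questioned above: NUL-terminate inside the input buffer. */
static void terminate_in_place(void) {
  long rc = inend - inptr;
  if (rc > PEEK_MAX) rc = PEEK_MAX;
  inptr[rc] = 0;                /* lands on unread data when rc was capped */
}

/* Hypothetical alternative: copy a bounded prefix out, leave the buffer alone. */
static size_t peek_copy(char *out, size_t outsize) {
  size_t n = (size_t)(inend - inptr);
  if (n > PEEK_MAX) n = PEEK_MAX;
  if (n >= outsize) n = outsize - 1;
  memcpy(out, inptr, n);
  out[n] = 0;
  return n;
}

/* Offset of the first NUL inside the unread data [inptr, inend), or -1. */
static long first_nul_offset(void) {
  char *p = memchr(inptr, 0, (size_t)(inend - inptr));
  return p ? (long)(p - inptr) : -1;
}

int main(void) {
  char peek[PEEK_MAX + 1];
  fill_pipeline(10);            /* 300 bytes of pipelined commands */
  peek_copy(peek, sizeof peek);
  printf("after copy-out:  first NUL at %ld\n", first_nul_offset());
  terminate_in_place();
  printf("after in-place:  first NUL at %ld\n", first_nul_offset());
  return 0;
}
```

With 150 bytes or fewer buffered, the in-place write lands at `inend` rather than on unread data, which is why only long pipelined batches are affected in this model.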