https://bugs.exim.org/show_bug.cgi?id=2250

--- Comment #17 from David Carter <dp...@cam.ac.uk> ---
(In reply to David Carter from comment #16)
> (In reply to David Carter from comment #14)
> 
> > I will start bisection with DKIM disabled.
> 
> 4a5cbaff2f9addfc9b4375a97ec6669bf18ee4db (Tue Sep 19 21:57:30 2017 +0100)
> has the problem. That predates 4.90.
> 
> I will shut up now until I can give you a precise commit version.
> 
> At one or two subdivisions a day, this might take a while...

The bug was introduced in 925ac8e4f1c5d365ddea2f7aee460cd0a3cd409d

Looking at that commit, I'm pretty certain that the culprit is:

static BOOL
wouldblock_reading(void)
{
int fd, rc;
fd_set fds;
struct timeval tzero;

if (tls_in.active >= 0 && tls_could_read())
  return FALSE;

if (smtp_inptr < smtp_inend)
  return FALSE;

fd = fileno(smtp_in);
FD_ZERO(&fds);
FD_SET(fd, &fds);
tzero.tv_sec = 0;
tzero.tv_usec = 0;
rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);

if (rc <= 0) return TRUE;     /* Not ready to read */
rc = smtp_getc(GETC_BUFFER_UNLIMITED);
if (rc < 0) return TRUE;      /* End of file or error */

smtp_ungetc(rc);
rc = smtp_inend - smtp_inptr;
if (rc > 150) rc = 150;
smtp_inptr[rc] = 0;
return FALSE;
}

I'm not sure what the last few lines of this are trying to achieve, but isn't:

  rc = smtp_inend - smtp_inptr;
  if (rc > 150) rc = 150;
  smtp_inptr[rc] = 0;

going to introduce a single '\0' 150 characters after the current smtp_inptr?
If a long list of "RCPT TO" is pipelined, then that is likely to be real data.

Presumably this function is being called somewhere that the original
check_sync() function that it replaced was not?

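An added illustration of the concern raised above (this is constructed example code, not code from the bug report, the quoted commit, or Exim itself): it builds a constructed burst of pipelined RCPT TO commands in a buffer, applies the three questioned lines verbatim as a function, and then scans the pending input line by line to see which command received the stray NUL. The short-burst case shows why the problem is easy to miss in simple tests: when fewer than 150 bytes are pending, the NUL lands just past the data rather than inside it. The preview_copy() function is an assumed safe alternative that only applies if the intent of those lines was a NUL-terminated preview of pending input, which the comment itself does not establish; the buffer layout and command text are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define BURST_CAP 1024   /* stand-in for the SMTP input buffer (constructed) */
#define NUL_LIMIT 150    /* the 150 from the questioned lines */

/* Fill buf with n constructed pipelined RCPT commands; return bytes used. */
size_t build_pipelined_rcpts(char *buf, size_t cap, int n)
{
  size_t used = 0;
  for (int i = 0; i < n; i++)
    {
    int w = snprintf(buf + used, cap - used,
                     "RCPT TO:<u%02d@example.test>\r\n", i);  /* 28 bytes each */
    if (w < 0 || (size_t)w >= cap - used) break;
    used += (size_t)w;
    }
  return used;
}

/* The three questioned lines, lifted verbatim into a function.
   Returns the offset (from inptr) at which the NUL was written. */
size_t questioned_nul_write(char *inptr, char *inend)
{
  ptrdiff_t rc = inend - inptr;
  if (rc > NUL_LIMIT) rc = NUL_LIMIT;
  inptr[rc] = 0;
  return (size_t)rc;
}

/* Walk the CRLF-terminated lines still pending in [inptr, inend) and
   return the 0-based index of the first line that now contains a NUL,
   or -1 if every pending line is intact. */
int first_corrupted_line(const char *inptr, const char *inend)
{
  int line = 0;
  const char *p = inptr;
  while (p < inend)
    {
    const char *nl = memchr(p, '\n', (size_t)(inend - p));
    const char *lend = nl ? nl + 1 : inend;
    if (memchr(p, '\0', (size_t)(lend - p))) return line;
    p = lend;
    line++;
    }
  return -1;
}

/* Assumed safe alternative: if a NUL-terminated preview of pending input
   was the goal, copy a bounded prefix into a separate buffer instead of
   writing a terminator into the live input buffer. Returns bytes copied. */
size_t preview_copy(const char *inptr, const char *inend, char *out, size_t outcap)
{
  size_t n = (size_t)(inend - inptr);
  if (n > NUL_LIMIT) n = NUL_LIMIT;
  if (n >= outcap) n = outcap - 1;
  memcpy(out, inptr, n);
  out[n] = 0;
  return n;
}

/* Build n commands, optionally apply the questioned write, and report
   which pending command (if any) was corrupted. */
int demo_corruption(int n_cmds, int apply_write)
{
  char buf[BURST_CAP];
  size_t n = build_pipelined_rcpts(buf, sizeof buf, n_cmds);
  if (apply_write) questioned_nul_write(buf, buf + n);
  return first_corrupted_line(buf, buf + n);
}

size_t demo_burst_len(int n_cmds)
{
  char buf[BURST_CAP];
  return build_pipelined_rcpts(buf, sizeof buf, n_cmds);
}

int main(void)
{
  /* 10 pipelined commands = 280 pending bytes: the NUL lands at offset 150,
     inside the address of the sixth RCPT TO (0-based line 5). */
  printf("10 commands, corrupted line: %d\n", demo_corruption(10, 1));
  /* 3 commands = 84 pending bytes: the NUL lands just past the data, so
     the pending lines look fine and the bug stays hidden. */
  printf("3 commands, corrupted line: %d\n", demo_corruption(3, 1));
  return 0;
}
```

Running it prints corrupted line 5 for the ten-command burst and -1 for the three-command burst, which matches the comment's point that a long pipelined RCPT TO list is exactly where the 150-byte offset stops being harmless.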