https://bugs.exim.org/show_bug.cgi?id=2409

            Bug ID: 2409
           Summary: Callout verification response buffer with non-ASCII
                    characters is returned in the user message
           Product: Exim
           Version: 4.92
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]

If a sender verify callout receives non-ASCII characters (e.g. in response to
an initial connection to port 465 but TLS could not be started) then this is
put in addr->user_message unmodified in src/src/verify.c (sx.buffer):

        addr->user_message = options & vopt_is_recipient
          ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
          : string_sprintf("Called:   %s\nSent:     %s\nResponse: %s",
            host->address, big_buffer, sx.buffer);

I think the original reason why this is the unmodified response is because it
could contain multiple lines that should be preserved to make the message
readable.

A variant of string_printing2() that allows newlines as well as tabs is
required to escape this correctly.

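The escaping variant the report asks for, sketched as an added example (not part of the original report and not Exim code). The name `escape_keep_newlines` is hypothetical, and doubling backslashes and escaping CR are assumptions of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not an Exim function: returns a malloc'd copy of s in
   which every byte outside printable ASCII is written as a \ooo octal escape,
   except '\n' and '\t', which pass through so multi-line responses stay
   readable. Backslash is doubled so the escaped output is unambiguous. */
char *escape_keep_newlines(const char *s)
{
  size_t len = strlen(s);
  /* Worst case: every input byte expands to 4 output bytes, plus the NUL. */
  char *out = malloc(len * 4 + 1);
  char *p = out;

  if (out == NULL) return NULL;
  for (const unsigned char *q = (const unsigned char *)s; *q != 0; q++)
    {
    if (*q == '\n' || *q == '\t')
      *p++ = (char)*q;                          /* preserved layout */
    else if (*q == '\\')
      { *p++ = '\\'; *p++ = '\\'; }             /* keep escapes reversible */
    else if (*q >= 0x20 && *q <= 0x7e)
      *p++ = (char)*q;                          /* printable ASCII */
    else
      p += sprintf(p, "\\%03o", (unsigned)*q);  /* control or 8-bit byte */
    }
  *p = 0;
  return out;
}

int main(void)
{
  /* Constructed sample: binary bytes followed by a two-line text reply. */
  const char *response = "\x15\x03\x03\xff" "550 no such user\n550 go away\r";
  char *safe = escape_keep_newlines(response);

  if (safe == NULL) return 1;
  printf("Response: %s\n", safe);
  free(safe);
  return 0;
}
```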