CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/26 16:44:17
Modified files:
usr.sbin/smtpd : queue_backend.c
Log message:
Zero the temporary envelope parsing buffers before use.
While current parsing paths do not expose uninitialized data, keeping stack
residue
in these transient buffers unnecessarily weakens compartmentalization and may
aid
lateral movement inside the privsep environment after another bug.
The diff also fixes a theoretical double close race bug which can't really
happen in
smtpd due to requiring concurrency in our single threaded event loop, and which
would
have very limited reliability impact if it was triggered (forcing a mail to
fail on a
schedule tick and be retried at next tick). This is still incorrect so let's
avoid a
copy of this code in more problematic places.
diff by Stuart Thomas <[email protected]>
