1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
From 1cfa7822ca8928f95160df8742af11fff888ae7e Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Tue, 12 Feb 2019 16:52:51 +0000
Subject: [PATCH 3/7] Fix transport buffer size handling Broken-by: 59932f7dcd
(cherry picked from commit 05bf16f6217e93594929c8bbbbbc852caf3ed374)
---
doc/ChangeLog | 7 +++++++
src/transport.c | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 7da07ad4..66c8a7a1 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -5,6 +5,13 @@ affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
+Since version 4.92
+------------------
+
+JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
+ buffer overrun for (non-chunking) other transports.
+
+
Exim version 4.92
-----------------
diff --git a/src/transport.c b/src/transport.c
index 8ccdd038..a069b883 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -1115,13 +1115,13 @@ DEBUG(D_transport)
if (!(tctx->options & topt_no_body))
{
- int size = size_limit;
+ unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX;
nl_check_length = abs(nl_check_length);
nl_partial_match = 0;
if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0)
return FALSE;
- while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0
+ while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0
&& (len = read(deliver_datafile, deliver_in_buffer, len)) > 0)
{
if (!write_chunk(tctx, deliver_in_buffer, len))
--
2.20.1
|
