diff options
Diffstat (limited to 'src/smtpd')
-rw-r--r-- | src/smtpd/smtpd.c | 19 | ||||
-rw-r--r-- | src/smtpd/smtpd_check.c | 10 | ||||
-rw-r--r-- | src/smtpd/smtpd_sasl_glue.c | 10 |
3 files changed, 34 insertions, 5 deletions
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c index c46bdf8..f9812af 100644 --- a/src/smtpd/smtpd.c +++ b/src/smtpd/smtpd.c @@ -4053,14 +4053,31 @@ static int bdat_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) /* * Read lines from the fragment. The last line may continue in the * next fragment, or in the next chunk. + * + * If smtp_get_noexcept() stopped after var_line_limit bytes and did not + * emit a queue file record, then that means smtp_get_noexcept() + * stopped after CR and hit EOF as it tried to find out if the next + * byte is LF. In that case, read the first byte from the next + * fragment or chunk, and if that first byte is LF, then + * smtp_get_noexcept() strips off the trailing CRLF and returns '\n' + * as it always does after reading a complete line. */ do { + int can_read = var_line_limit - LEN(state->bdat_get_buffer); + if (smtp_get_noexcept(state->bdat_get_buffer, state->bdat_get_stream, - var_line_limit, + can_read > 0 ? can_read : 1, /* Peek one */ SMTP_GET_FLAG_APPEND) == '\n') { /* Stopped at end-of-line. */ curr_rec_type = REC_TYPE_NORM; + } else if (LEN(state->bdat_get_buffer) > var_line_limit) { + /* Undo peeking, and output the buffer as REC_TYPE_CONT. */ + vstream_ungetc(state->bdat_get_stream, + vstring_end(state->bdat_get_buffer)[-1]); + vstring_truncate(state->bdat_get_buffer, + LEN(state->bdat_get_buffer) - 1); + curr_rec_type = REC_TYPE_CONT; } else if (!vstream_feof(state->bdat_get_stream)) { /* Stopped at var_line_limit. */ curr_rec_type = REC_TYPE_CONT; diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c index ed0e3ff..69119ad 100644 --- a/src/smtpd/smtpd_check.c +++ b/src/smtpd/smtpd_check.c @@ -2985,6 +2985,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table, struct addrinfo *res; int status; INET_PROTO_INFO *proto_info; + int server_addr_count = 0; /* * Sanity check. @@ -3134,6 +3135,15 @@ static int check_server_access(SMTPD_STATE *state, const char *table, msg_info("%s: %s host address check: %s", myname, dns_strtype(type), (char *) server->data); for (res = res0; res != 0; res = res->ai_next) { + server_addr_count += 1; + if (server_addr_count > var_dns_rr_list_limit) { + msg_warn("%s: %s server address count limit (%d) exceeded" + " for %s %s -- ignoring the remainder", myname, + dns_strtype(type), var_dns_rr_list_limit, + reply_class, reply_name); + freeaddrinfo(res0); + CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO); + } if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) { if (msg_verbose) msg_info("skipping address family %d for host %s", diff --git a/src/smtpd/smtpd_sasl_glue.c b/src/smtpd/smtpd_sasl_glue.c index ee5c041..2c24edc 100644 --- a/src/smtpd/smtpd_sasl_glue.c +++ b/src/smtpd/smtpd_sasl_glue.c @@ -321,18 +321,20 @@ int smtpd_sasl_authenticate(SMTPD_STATE *state, } } if (status != XSASL_AUTH_DONE) { + const char *reason = (*STR(state->sasl_reply) ? STR(state->sasl_reply) : + "(reason unavailable)"); + sasl_username = xsasl_server_get_username(state->sasl_server); msg_warn("%s: SASL %.100s authentication failed: %s, sasl_username=%.100s", - state->namaddr, sasl_method, *STR(state->sasl_reply) ? - STR(state->sasl_reply) : "(reason unavailable)", + state->namaddr, sasl_method, reason, sasl_username ? sasl_username : "(unavailable)"); /* RFC 4954 Section 6. */ if (status == XSASL_AUTH_TEMP) smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s", - STR(state->sasl_reply)); + reason); else smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s", - STR(state->sasl_reply)); + reason); return (-1); } /* RFC 4954 Section 6. */ |