summaryrefslogtreecommitdiffstats
path: root/src/smtpd
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:40:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:40:29 +0000
commitd6c33feab80875e4e2ab4ec8bf46425a292318bc (patch)
tree9e325e95e2c785049562a1fefc7e56cf65cd8679 /src/smtpd
parentAdding upstream version 3.8.5. (diff)
downloadpostfix-d6c33feab80875e4e2ab4ec8bf46425a292318bc.tar.xz
postfix-d6c33feab80875e4e2ab4ec8bf46425a292318bc.zip
Adding upstream version 3.8.6.upstream/3.8.6
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/smtpd')
-rw-r--r--src/smtpd/smtpd.c19
-rw-r--r--src/smtpd/smtpd_check.c10
-rw-r--r--src/smtpd/smtpd_sasl_glue.c10
3 files changed, 34 insertions, 5 deletions
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
index e84128b..6a2cf01 100644
--- a/src/smtpd/smtpd.c
+++ b/src/smtpd/smtpd.c
@@ -4129,14 +4129,31 @@ static int bdat_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
/*
* Read lines from the fragment. The last line may continue in the
* next fragment, or in the next chunk.
+ *
+ * If smtp_get_noexcept() stopped after var_line_limit bytes and did not
+ * emit a queue file record, then that means smtp_get_noexcept()
+ * stopped after CR and hit EOF as it tried to find out if the next
+ * byte is LF. In that case, read the first byte from the next
+ * fragment or chunk, and if that first byte is LF, then
+ * smtp_get_noexcept() strips off the trailing CRLF and returns '\n'
+ * as it always does after reading a complete line.
*/
do {
+ int can_read = var_line_limit - LEN(state->bdat_get_buffer);
+
if (smtp_get_noexcept(state->bdat_get_buffer,
state->bdat_get_stream,
- var_line_limit,
+ can_read > 0 ? can_read : 1, /* Peek one */
SMTP_GET_FLAG_APPEND) == '\n') {
/* Stopped at end-of-line. */
curr_rec_type = REC_TYPE_NORM;
+ } else if (LEN(state->bdat_get_buffer) > var_line_limit) {
+ /* Undo peeking, and output the buffer as REC_TYPE_CONT. */
+ vstream_ungetc(state->bdat_get_stream,
+ vstring_end(state->bdat_get_buffer)[-1]);
+ vstring_truncate(state->bdat_get_buffer,
+ LEN(state->bdat_get_buffer) - 1);
+ curr_rec_type = REC_TYPE_CONT;
} else if (!vstream_feof(state->bdat_get_stream)) {
/* Stopped at var_line_limit. */
curr_rec_type = REC_TYPE_CONT;
diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
index 7212ccf..093aa06 100644
--- a/src/smtpd/smtpd_check.c
+++ b/src/smtpd/smtpd_check.c
@@ -2994,6 +2994,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
struct addrinfo *res;
int status;
const INET_PROTO_INFO *proto_info;
+ int server_addr_count = 0;
/*
* Sanity check.
@@ -3145,6 +3146,15 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
msg_info("%s: %s host address check: %s",
myname, dns_strtype(type), (char *) server->data);
for (res = res0; res != 0; res = res->ai_next) {
+ server_addr_count += 1;
+ if (server_addr_count > var_dns_rr_list_limit) {
+ msg_warn("%s: %s server address count limit (%d) exceeded"
+ " for %s %s -- ignoring the remainder", myname,
+ dns_strtype(type), var_dns_rr_list_limit,
+ reply_class, reply_name);
+ freeaddrinfo(res0);
+ CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO);
+ }
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
if (msg_verbose)
msg_info("skipping address family %d for host %s",
diff --git a/src/smtpd/smtpd_sasl_glue.c b/src/smtpd/smtpd_sasl_glue.c
index 2dc6aad..d9db7b0 100644
--- a/src/smtpd/smtpd_sasl_glue.c
+++ b/src/smtpd/smtpd_sasl_glue.c
@@ -340,18 +340,20 @@ int smtpd_sasl_authenticate(SMTPD_STATE *state,
}
}
if (status != XSASL_AUTH_DONE) {
+ const char *reason = (*STR(state->sasl_reply) ? STR(state->sasl_reply) :
+ "(reason unavailable)");
+
sasl_username = xsasl_server_get_username(state->sasl_server);
msg_warn("%s: SASL %.100s authentication failed: %s, sasl_username=%.100s",
- state->namaddr, sasl_method, *STR(state->sasl_reply) ?
- STR(state->sasl_reply) : "(reason unavailable)",
+ state->namaddr, sasl_method, reason,
sasl_username ? sasl_username : "(unavailable)");
/* RFC 4954 Section 6. */
if (status == XSASL_AUTH_TEMP)
smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s",
- STR(state->sasl_reply));
+ reason);
else
smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
- STR(state->sasl_reply));
+ reason);
return (-1);
}
/* RFC 4954 Section 6. */