Adding upstream version 3.8.6.upstream/3.8.6

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 34 insertions, 5 deletions

diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
index e84128b..6a2cf01 100644
--- a/src/smtpd/smtpd.c
+++ b/src/smtpd/smtpd.c
@@ -4129,14 +4129,31 @@ static int bdat_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	/*
 	 * Read lines from the fragment. The last line may continue in the
 	 * next fragment, or in the next chunk.
+	 * 
+	 * If smtp_get_noexcept() stopped after var_line_limit bytes and did not
+	 * emit a queue file record, then that means smtp_get_noexcept()
+	 * stopped after CR and hit EOF as it tried to find out if the next
+	 * byte is LF. In that case, read the first byte from the next
+	 * fragment or chunk, and if that first byte is LF, then
+	 * smtp_get_noexcept() strips off the trailing CRLF and returns '\n'
+	 * as it always does after reading a complete line.
 	 */
 	do {
+	    int     can_read = var_line_limit - LEN(state->bdat_get_buffer);
+
 	    if (smtp_get_noexcept(state->bdat_get_buffer,
 				  state->bdat_get_stream,
-				  var_line_limit,
+				  can_read > 0 ? can_read : 1,	/* Peek one */
 				  SMTP_GET_FLAG_APPEND) == '\n') {
 		/* Stopped at end-of-line. */
 		curr_rec_type = REC_TYPE_NORM;
+	    } else if (LEN(state->bdat_get_buffer) > var_line_limit) {
+		/* Undo peeking, and output the buffer as REC_TYPE_CONT. */
+		vstream_ungetc(state->bdat_get_stream,
+			       vstring_end(state->bdat_get_buffer)[-1]);
+		vstring_truncate(state->bdat_get_buffer,
+				 LEN(state->bdat_get_buffer) - 1);
+		curr_rec_type = REC_TYPE_CONT;
 	    } else if (!vstream_feof(state->bdat_get_stream)) {
 		/* Stopped at var_line_limit. */
 		curr_rec_type = REC_TYPE_CONT;
diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
index 7212ccf..093aa06 100644
--- a/src/smtpd/smtpd_check.c
+++ b/src/smtpd/smtpd_check.c
@@ -2994,6 +2994,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
     struct addrinfo *res;
     int     status;
     const INET_PROTO_INFO *proto_info;
+    int     server_addr_count = 0;
 
     /*
      * Sanity check.
@@ -3145,6 +3146,15 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 	    msg_info("%s: %s host address check: %s",
 		     myname, dns_strtype(type), (char *) server->data);
 	for (res = res0; res != 0; res = res->ai_next) {
+	    server_addr_count += 1;
+	    if (server_addr_count > var_dns_rr_list_limit) {
+		msg_warn("%s: %s server address count limit (%d) exceeded"
+			 " for %s %s -- ignoring the remainder", myname,
+			 dns_strtype(type), var_dns_rr_list_limit,
+			 reply_class, reply_name);
+		freeaddrinfo(res0);
+		CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO);
+	    }
 	    if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
 		if (msg_verbose)
 		    msg_info("skipping address family %d for host %s",
diff --git a/src/smtpd/smtpd_sasl_glue.c b/src/smtpd/smtpd_sasl_glue.c
index 2dc6aad..d9db7b0 100644
--- a/src/smtpd/smtpd_sasl_glue.c
+++ b/src/smtpd/smtpd_sasl_glue.c
@@ -340,18 +340,20 @@ int     smtpd_sasl_authenticate(SMTPD_STATE *state,
 	}
     }
     if (status != XSASL_AUTH_DONE) {
+	const char *reason = (*STR(state->sasl_reply) ? STR(state->sasl_reply) :
+			      "(reason unavailable)");
+
 	sasl_username = xsasl_server_get_username(state->sasl_server);
 	msg_warn("%s: SASL %.100s authentication failed: %s, sasl_username=%.100s",
-		 state->namaddr, sasl_method, *STR(state->sasl_reply) ?
-		 STR(state->sasl_reply) : "(reason unavailable)",
+		 state->namaddr, sasl_method, reason,
 		 sasl_username ? sasl_username : "(unavailable)");
 	/* RFC 4954 Section 6. */
 	if (status == XSASL_AUTH_TEMP)
 	    smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s",
-			     STR(state->sasl_reply));
+			     reason);
 	else
 	    smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
-			     STR(state->sasl_reply));
+			     reason);
 	return (-1);
     }
     /* RFC 4954 Section 6. */