authorJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-11-11 10:27:42 +0000
committerJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-11-11 10:27:42 +0000
commit2bdf54bbc647d224f9e63b570bdf159d7310887f (patch)
treed67ee6320cf95d0a6b0cff3ce3ca8c0033e94d7f
parent5edef8cb541b0474cfe683e527728ba62857d252 (diff)
Ensure all replies are at least 4 chars long. If only 3 chars were
received, append a space character. This enables other parts of the daemon to safely index into 4th character of the reply buffer without the risk of accessing one byte beyond NUL. ok gilles@
-rw-r--r--usr.sbin/smtpd/client.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/client.c b/usr.sbin/smtpd/client.c
index 70ad158ae26..dcda54ed35f 100644
--- a/usr.sbin/smtpd/client.c
+++ b/usr.sbin/smtpd/client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: client.c,v 1.12 2009/11/10 14:57:03 jacekm Exp $ */
+/* $OpenBSD: client.c,v 1.13 2009/11/11 10:27:41 jacekm Exp $ */
/*
* Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -890,9 +890,20 @@ client_getln(struct smtp_client *sp)
if (sp->verbose)
fprintf(sp->verbose, "<<< %s\n", ln);
- if (strlen(ln) == 3)
- break;
- else if (strlen(ln) < 4 || (ln[3] != ' ' && ln[3] != '-')) {
+ /* 3-char replies are invalid on their own, append space */
+ if (strlen(ln) == 3) {
+ char buf[5];
+
+ strlcpy(buf, ln, sizeof(buf));
+ strlcat(buf, " ", sizeof(buf));
+ free(ln);
+ if ((ln = strdup(buf)) == NULL) {
+ cause = "150 strdup error";
+ goto done;
+ }
+ }
+
+ if (strlen(ln) < 4 || (ln[3] != ' ' && ln[3] != '-')) {
cause = "150 garbled smtp reply";
goto done;
}
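Review bot: The check that follows the padding step inspects only `ln[3]`, so the first three bytes of a reply are never confirmed to be a numeric code; a three-byte line such as `abc` is padded to `abc ` and then passes as a well-formed final reply. Whether a later parser rejects it cannot be seen here, because client_getln's body continues outside the hunk. The line comes from the remote server, and the commit message says other parts of the daemon index into the buffer on the strength of this check. I would validate the code in the same condition by adding `!isdigit((unsigned char)ln[0]) || !isdigit((unsigned char)ln[1]) || !isdigit((unsigned char)ln[2]) ||` ahead of the `ln[3]` test (this needs `<ctype.h>` if client.c does not already include it). The comment would also read better as the invariant it protects: `/* callers index ln[3]; pad bare 3-char replies so that byte always exists */`.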